Security

Our security practices

• Encryption in transit: All data transmitted between your browser, our servers, and the Google API is encrypted with TLS 1.2 or higher.
• Encryption at rest: Customer data stored in our database is encrypted at rest using industry-standard AES-256.
• Google OAuth:We use Google's official OAuth 2.0 flow. We never store your Google password. You can revoke ReviewReply's Google access at any time from your Google Account settings.
• Access controls: Internal access to production systems is restricted to authorized personnel with multi-factor authentication enforced.
• Payment security: Payment processing is handled by Stripe. ReviewReply never stores or processes raw card numbers.

Vulnerability disclosure

If you discover a security vulnerability in ReviewReply, please report it responsibly by emailing security@reviewreply.com. Include a description of the vulnerability, steps to reproduce it, and any relevant screenshots or logs. We will acknowledge receipt within 48 hours and keep you informed as we investigate and remediate.

Please do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them. We appreciate responsible disclosure and will recognize researchers who follow this process.

For information on how we handle your personal data, see our Privacy Policy.