Security
Last updated May 2026
Security is foundational to a system that touches your entire pipeline. Here's how we protect your data.
Encryption
Data is encrypted in transit with TLS and at rest with AES-256. Security headers and a strict transport policy are enforced on every response.
Tenant isolation
Every organization's data is isolated. The database enforces row-level security scoped to each org, and the application independently scopes every query — defense in depth so one tenant can never read another's data.
Authentication and access
Sign-in is handled by a managed auth provider with email/password and Google OAuth. Sessions are refreshed securely and app routes are gated by middleware. Higher tiers add SSO and role-based access control.
Secrets and integrations
API keys for CRM, email/SMS, and AI providers are stored as server-side secrets, never exposed to the browser. Outbound integrations use scoped credentials you control and can revoke at any time.
Infrastructure
We run on reputable cloud infrastructure with automated backups and monitoring. Access to production is limited to authorized personnel and logged.
Reporting a vulnerability
Found an issue? We appreciate responsible disclosure. Email security@recall-touch.com with details and we'll respond promptly.
Questions about this page? Email legal@recall-touch.com.