Trust Center

Security at The Receptionist

Security is built into the fabric of our products, team, infrastructure, and processes, so you can rest assured your data is safeguarded.

Show Navigation
Overview
Overview
👤
Login
  • Compliance
  • Product Security
  • Data Security
  • Privacy
  • Availability & Reliability
  • Organizational Security
  • Business Continuity
  • Infrastructure
  • Threat Management
  • Subprocessors
  • Compliance

    Last updated Wed, Aug 25, 2021
    • GDPR

      The Receptionist is in full support of the General Data Protection Regulation (GDPR). For any GDPR requests, please reach out to support@thereceptionist.com.

    • SOC 2 Type I
  • Product Security

    Last updated Wed, Aug 25, 2021
    • Role-Based Access Control (RBAC)
  • Data Security

    Last updated Wed, Aug 25, 2021
    • Data Encrypted At-Rest

      Our databases are encrypted with AES-256, block-level storage encryption.

    • Data Encrypted In-Transit

      The Receptionist applications and services connect to databases securely by implementing encryption of data in transit using SSL connections.

    • Passwords Encrypted

      Application passwords are always hashed and salted using bcrypt. Additionally, data encryption is offered at rest and in transit by using TLS with at least 128-bit AES encryption.

  • Privacy

    Last updated Wed, Aug 25, 2021
    • Privacy Policy
      Privacy Policy
  • Availability & Reliability

    Last updated Wed, Aug 25, 2021
    • Auto Scaling
    • Quality Assurance Testing
    • Service Monitoring

      The Receptionist uses a variety of tools and services to monitor application metrics, site availability, service uptime, and error tracking. Alerts are in place for metrics such as service throughput, response times, resource consumption, and anomaly detection. SSL certificate monitors are in place to check The Receptionist domain certificate expiration and notify of any changes to certificates.

    • Status Page
      Status Page

      Subscribe to our status page for updates on system status, maintenance, and more.

  • Organizational Security

    Last updated Wed, Aug 25, 2021
    • Confidentiality Agreements
    • Employee Background Checks
    • Employee Security Training
    • Employee Workstations Automatically Locked
    • Employee Workstations Encrypted
    • Limited Employee Access (Principle of Least Privilege)
  • Business Continuity

    Last updated Wed, Aug 25, 2021
    • Data Backups

      Data — and any changes made to the database — are continuously and automatically backed up over the last 7 days. This allows us to create a clone of our database and roll back to a specific point in time.

      We also perform complete backups on a nightly basis and store 7 days worth of daily backups, 8 weeks of weekly backups, and 12 months of monthly backups.

  • Infrastructure

    Last updated Wed, Aug 25, 2021
    • FISMA - Data Center
    • ISO 27001 - Data Center
    • PCI-DSS - Level 1 - Data Center
    • SOC 2 Type II - Data Center
    • Sarbanes-Oxley (SOX) - Data Center
  • Threat Management

    Last updated Wed, Aug 25, 2021
    • Penetration Testing

      Penetrations tests are performed on our application once a year at a minimum. Scans include but are not limited to port scanning, OWASP Top 10 vulnerabilities, and other security risks. Application code and dependencies are continuously scanned and monitored for common vulnerabilities and exposures.

  • Subprocessors

    Last updated Wed, Aug 25, 2021
    • Name
      Purpose
      Location
      Amazon Web Services
      Image hosting
      USA
      Google Analytics
      Web analytics
      USA
      Heroku
      Application hosting
      USA
      HubSpot
      Marketing
      USA
      Pusher
      Web sockets
      USA
      Recurly
      Payment processing
      USA
      Salesforce
      Sales
      USA
      SendGrid
      Email notifications
      USA
      Twilio
      SMS notifications
      USA
      Zapier
      Data integrations
      USA