Data Security
Data security is an absolute priority to us. For the sake of transparency, here’s a list of measures we take to keep your data safe and available 24-7.
1. Availability
ReachOut.AI strives to maintain an uptime of 99.9%, and we use several services to monitor uptime and site availability. In case of downtime or emergency, our team receives real-time notifications, allowing us to act swiftly. In the rare case that issues do arise, we’ll keep you updated at all times through our status page and in-app notifications. We’ll do everything within our power to resolve the issue as soon as we can.
2. Security measures
All traffic to ReachOut.AI passes through an SSL-encrypted connection, and we only accept traffic through port 443. A report of our SSL configuration can be obtained by simple request. During a first website visit, ReachOut.AI sends an HTTP Strict Transport Security (HSTS) header to the user agent, ensuring that all future requests will be made via HTTPS, even if a link to ReachOut.AI is specified as HTTP. All data stored on ReachOut.AI systems is encrypted at rest. Information stored in our database systems or on our file systems is encrypted using the industry standard AES-256 encryption algorithm. AWS stores and manages data cryptography keys in its redundant and globally distributed Key Management Service. This means that even if an intruder were ever able to access any of the physical storage devices, the data contained therein would still be impossible to decrypt without the keys, rendering the information useless.
ReachOut.AI uses Amazon Web Services (AWS) to store user data on servers located in Northern Virginia. AWS supports over 143 security standards and compliance certifications so the data is secured: https://aws.amazon.com/compliance/
These servers undergo recurring assessment to ensure compliance with the latest industry standards, and continually manage risk. By using AWS as our data center, our infrastructure is accredited by:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- C5 Operational Security
- ENS High
- IT-Grundschutz
All AWS data centers feature the following security measures:
- Access restricted to AWS employees
- 24 hour CCTV monitoring
- Intrusion detection
- Full access review and logging
- Fully redundant electrical power systems, with a backup power supply to remain operational 24 hours per day
- Automatic fire detection and suppression systems
- Leakage detection systems to detect the presence of water
More information about AWS security can be found at https://aws.amazon.com/compliance/programs/.
We block requests from known vulnerable IP addresses and throttle requests from the same IP to prevent misuse. To combat Cross-Site Scripting (XSS) attacks, our back-end application escapes all output by default before it reaches the browser, avoiding the risk of sending raw data. We block requests from external domains to minimize Cross-Site Request Forgery (CSRF) risks and use CSRF tokens for critical actions.
We regularly hire security experts to evaluate our infrastructure and ensure compliance with industry best practices. Our team employs strong, unique passwords for ReachOut.AI accounts and has implemented Two-Factor Authentication for all devices and services. All employees must use password managers (e.g., LastPass, 1Password) to create and store robust passwords. We also encrypt local hard drives and enable automatic screen locking. Access to application admin functions is restricted to a select group and logged in audit reports.
Files that users can share, such as final results of cloned voice recordings and generated videos, are public and intended for users' business needs via ReachOut.AI services. In contrast, other assets and sensitive data, like the database, are private and secure.
We have internal measures to ensure that account details are only accessible through the user’s session or API key; for example, a different user cannot access another user’s custom avatar unless the API key is shared by the end user.
Your API keys remain confidential and accessible only by you (the end user). We do not share the user’s data with external APIs, and we never use the user-generated assets for AI model training.
3. Quality Assurance
We have implemented strict code reviews for all changes to our code base to uphold development best practices. Since launching ReachOut.AI, we have encouraged users to report any issues they encounter, helping us enhance the security and reliability of our platform. All vulnerability reports are promptly reviewed and addressed.
Other useful resources: