🔒 Encrypted: All data encrypted in transit and at rest
🛡️ Protected: Industry-standard access controls
💳 PCI Safe: Card data never stored on our servers
Section 01
Overview
At OptiReply, we take the security of your business data seriously. We implement industry-standard practices to protect customer data, ensure platform reliability, and maintain your trust.
We continuously improve our security practices as OptiReply scales. This page reflects our current security posture as of March 2026.
Section 02
Data Protection
We protect all data passing through OptiReply with multiple layers of security:
- All data in transit is encrypted using HTTPS/TLS
- Database data is encrypted at rest
- Secure authentication with hashed password storage — plaintext passwords are never stored
- Role-based access controls limit data exposure within the platform
- Session tokens are securely managed and expire automatically
Section 03
Infrastructure
Our platform is built on secure, enterprise-grade cloud infrastructure designed for reliability and security.
- Backend powered by Supabase — built on AWS with SOC 2 compliance
- Frontend hosted on Vercel with global CDN delivery
- High-availability architecture with automatic failover
- Continuous system monitoring and alerting
- Regular automated backups with point-in-time recovery
Section 04
Access Control
- Only authorized personnel can access sensitive systems
- Internal access follows least-privilege principles — staff access only what their role requires
- All access is logged and monitored
- Multi-factor authentication is enforced for administrative access
Section 05
Payment Security
OptiReply never stores, processes, or transmits credit card numbers on our own servers.
- All payments are processed exclusively through Stripe — a PCI DSS Level 1 certified provider
- Card details are tokenized by Stripe and never touch our systems
- Subscription management and billing history are handled securely through Stripe's infrastructure
Section 06
Third-Party Security
All third-party providers used by OptiReply are evaluated for security standards before engagement and are required to maintain appropriate safeguards.
- Supabase — SOC 2 Type II compliant, built on AWS
- Stripe — PCI DSS Level 1 certified
- Vercel — SOC 2 compliant hosting
- Google Cloud — ISO 27001, SOC 2, and more
Section 07
Data Retention & Deletion
- Users can delete their account and data at any time
- Personal data is removed from active systems within 30 days of a deletion request
- Backup systems are purged on a rolling 90-day cycle
- See our full Data Deletion Policy for details
Section 08
Incident Response
In the event of a security incident involving your data:
- We investigate immediately upon detection
- Affected users are notified within 72 hours if required by law or if data is at risk
- Corrective actions are implemented and documented
- A post-incident review is conducted to prevent recurrence
Section 09
Vulnerability Disclosure
If you discover a security vulnerability in OptiReply, please report it responsibly. We ask that you:
- Email us at privacy@seven9it.com with details
- Give us reasonable time to investigate and remediate before public disclosure
- Avoid accessing, modifying, or deleting data that isn't yours
We will acknowledge all responsible disclosures and work with you to resolve confirmed issues.
Section 10
Contact
Security questions or concerns? Reach out directly: