Refley
Security

Built for healthcare-grade trust.

Refley handles sensitive health data. We treat security and privacy as foundations, not features.

Encryption everywhere

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Backups are encrypted and geographically distributed.

Least-privilege access

Role-based access controls, hardware-key 2FA for all employees, and just-in-time access for any production data.

Continuous monitoring

24/7 security monitoring, anomaly detection, and on-call incident response with documented runbooks.

Independent audits

Annual third-party penetration tests, ongoing vulnerability scanning, and a public bug bounty program.

Compliance & certifications

  • HIPAA-ready architecture
  • SOC 2 Type II (in progress)
  • GDPR-aligned data handling
  • Annual penetration testing
  • PCI-DSS for all payments
  • Business Associate Agreements available

Report a vulnerability

We welcome responsible disclosure. Email security@refley.com with details. We aim to acknowledge reports within 24 hours.