Security at Reesk

Enterprise risk management requires enterprise-grade security. Here is how we protect your data and your organization.

Last updated: Mar 25, 2026

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Database backups are encrypted using the same standard.

Infrastructure

Reesk runs on enterprise-grade cloud infrastructure with redundant availability zones. Infrastructure access is restricted by role and requires multi-factor authentication.

Access Controls

We follow the principle of least privilege. Production access is logged, audited, and reviewed. Customer data is never accessed without explicit permission or legal obligation.

Backups & Recovery

We take automated daily backups with point-in-time recovery. Backup integrity is tested regularly. Recovery procedures are documented and tested quarterly.

Compliance Posture

Reesk is designed with GDPR compliance requirements in mind. We maintain internal controls aligned with SOC 2 Type II principles and ISO 27001 best practices.

Vulnerability Management

We perform regular dependency audits, static code analysis, and penetration testing. Security patches are applied on an expedited schedule.

Compliance & Certifications

GDPR

Reesk is designed to support GDPR obligations. We act as a data processor for risk data you store, and provide Data Processing Agreement (DPA) templates for enterprise customers. Contact us to arrange a DPA.

SOC 2 Alignment

Our security controls are designed in alignment with SOC 2 Trust Service Criteria covering Security, Availability, and Confidentiality.

ISO 27001 Alignment

Our information security management practices follow ISO 27001 guidelines, including risk assessment, access management, and incident response.

Data Residency

Customer data is stored in EU-based infrastructure by default. Enterprise customers may request region-specific data residency options.

Responsible Disclosure

If you discover a potential security vulnerability in Reesk, we ask that you report it to us responsibly before public disclosure. We commit to:

  • Acknowledge your report within 48 hours.
  • Investigate and provide a status update within 7 business days.
  • Work with you to understand and resolve the issue before any public disclosure.

Report vulnerabilities to security@reesk.io. Please include a description of the vulnerability, steps to reproduce it, and your contact details.

Questions about security?

Our team is happy to answer security questions from enterprise prospects and customers.
