Security Policy

Last updated: November 10th 2025

At RequestKit, protecting your data is our top priority. We follow modern security best practices across our infrastructure, application, and internal operations.

Infrastructure & Hosting

  • Hosted on AWS (Amazon Web Services) — Our servers are deployed in AWS data centres located within the European Union, benefiting from AWS’s world-class physical and network security.
  • Deployed via Vercel — Our web application is deployed on Vercel, which handles continuous deployment, SSL termination, and global edge caching for optimal performance and reliability.
  • Encryption in Transit — All data is encrypted in transit using TLS 1.2+ (HTTPS).
  • Encryption at Rest — Databases and file storage on AWS are encrypted at rest using AES-256.

Authentication & Access Control

  • Single Sign-On (SSO) — We support secure authentication and session management through modern SSO providers (via Better Auth) to protect user identities.
  • Role-Based Access — Access to data within the platform is restricted based on user roles and organization membership.
  • Strong Passwords — All user accounts are required to use strong, unique passwords, stored only as secure salted hashes.

Application Security

  • Secure Development Practices — Our engineers follow modern security principles, including input validation, prepared SQL queries (via Prisma), and dependency auditing.
  • Least-Privilege Principle — Services and APIs only have the permissions they need to function.
  • Regular Updates — We keep our dependencies, libraries, and environments up to date with the latest security patches.
  • Logging & Monitoring — Access and event logs are retained for six months to monitor system activity and detect anomalies.

Data Privacy

  • Data Residency — All customer data is stored and processed within the European Union.
  • No Third-Party Selling — We do not sell or share your data with advertisers.
  • Customer Ownership — You control the data you collect from your clients. RequestKit acts as a processor on your behalf.

Backups & Reliability

  • Automated Backups — Databases are backed up automatically and can be restored in the event of data loss.
  • Redundancy — Our hosting environment is designed for high availability and resilience.
  • Monitoring — We use continuous monitoring tools to ensure uptime and performance.

Responsible Disclosure

If you believe you’ve found a potential security issue with RequestKit, please contact us directly at security@requestkit.com.

We appreciate responsible disclosure and will review all reports promptly.

Our Commitment

Security is an ongoing process. We continuously invest in improving our systems and practices to ensure your data stays safe.

Contact

For questions about our security practices, please reach out at:

Email: security@requestkit.com
Website: https://requestkit.com