Security

Is your data secure?

At RapidPhish, being a team of engineers in the cyber security industry, we obviously take security very seriously. The highest information security and privacy standards are part of our product and our company’s integrity.

We use best practices and industry standards to comply with industry-accepted general security and privacy frameworks, helping our customers meet their compliance standards.

Integrating with best security standards practices in the industry: RapidPhish constantly invests in protecting your data. We put security measures and maintain policies and procedures in place to comply with required data security standards. We continue to take all the measures needed to improve our information security level.

What is RapidPhish doing to ensure data privacy?

RapidPhish is committed to protecting customer privacy by:

• Complying with all relevant data protection regulations.

• Offering customers control over data retention and deletion.

• Signing data processing agreements (DPAs) with clear terms.

• Limiting data processing to what is necessary for providing services.

• Maintaining a detailed record of processing activities.

How is RapidPhish handling third-party vendors?

To ensure that third-party service providers meet RapidPhish’s security standards:

• All vendors undergo a strict security and privacy evaluation before onboarding.

• Contracts include data protection obligations and audit rights.

• Vendor access is minimized and monitored.

• Ongoing risk assessments are conducted to verify continued compliance.

Where is RapidPhish’s customer data hosted?

RapidPhish hosts customer data in secure AWS data centers located in the United States.

RapidPhish customer data will not be transferred outside the chosen region without customer consent, except as required by law.

 

Who can access my data?

Access to production environments is tightly controlled and limited to authorized personnel only. RapidPhish enforces the principle of least privilege, ensuring that employees are granted the minimum access necessary for their role.

All access is:

• Logged and monitored continuously.

• Restricted through multi-factor authentication (MFA).

• Granted only after managerial approval and regular access reviews.

 

Is my data backed up?

Yes. RapidPhish performs daily, encrypted backups of all customer data. These backups are:

• Stored securely in geographically separate locations.

• Retained in accordance with our data retention policy.

• Regularly tested to ensure successful recovery in case of disaster.

Our disaster recovery plan is tested periodically to validate the integrity and availability of backup systems.

 

Where and how is my data stored and secured?

RapidPhish hosts customer data on Amazon Web Services (AWS), which maintains the highest standards for security and compliance. Our cloud infrastructure ensures:

• Data is encrypted at rest using AES-256 and in transit using TLS 1.2+.

• Physical security is maintained by AWS, including 24/7 surveillance, biometric access, and more.

• Network security is enforced through firewalls, intrusion detection, and vulnerability management systems.

What type of network security do you have?

RapidPhish implements multiple layers of network security to protect customer data, including:

• Firewalls and Virtual Private Clouds (VPCs) to isolate and protect network resources.

• Intrusion Detection and Prevention Systems (IDPS) to monitor and respond to malicious activity.

• Regular vulnerability assessments and penetration testing.

• Secure configuration of network devices and continuous monitoring for threats.

Our team continuously monitors network activity to detect and mitigate any suspicious behavior in real-time.

 

Do you provide availability and continuity?

Yes. RapidPhish is committed to ensuring high availability and business continuity through:

• A resilient cloud infrastructure with redundancy across multiple availability zones.

• Regularly tested business continuity and disaster recovery plans.

• Continuous monitoring and alerting to identify and address issues proactively.

• Service Level Agreements (SLAs) to ensure reliable performance for our customers.

These measures help us maintain uninterrupted access to our platform and services.

 

How do you protect the RapidPhish application?

RapidPhish employs secure development practices to ensure the RapidPhish application is protected, including:

• Security is integrated into the Software Development Life Cycle (SDLC), including code reviews, static code analysis, and secure coding guidelines.

• Third-party penetration testing and automated vulnerability scanning.

• Security headers and HTTPS enforced across the application.

• Protection against common web vulnerabilities such as XSS, CSRF, and SQL injection.

• Logging and monitoring of application activity for anomaly detection.

• These controls help maintain a secure and trustworthy platform for all users.

What are my responsibilities as a customer?

• Secure management of user accounts and organizational data.
• Protection of user credentials and access via secure email practices.
• Compliance with the RapidPhish Terms of Service and applicable laws.
• Immediate notification to RapidPhish regarding compromised credentials or suspected security incidents.
• Security penetration testing or assessments require explicit advance written authorization from RapidPhish.