Security at Replyva

Technical controls for vendors who manage sensitive client data. For handling terms, see our Privacy Policy.

Encryption in transit and at rest

HTTPS/TLS protects traffic end to end. Database and object storage are encrypted by our providers; Replyva can apply optional AES-256-GCM field encryption for selected sensitive columns when a platform key is configured.

Contracts and workspace data

Sensitive notes, workspace text, proposals, and contracts can use server-side encryption (rv1:). Names and emails stay searchable for daily operations. This is not full end-to-end encryption for every CRM field.

Authentication and access

Vendor accounts use Clerk with MFA support. Super-admin access is limited to an allowlisted operator set.

Backups and optional E2E messaging

Production backups may be compressed and GPG-encrypted in private storage. Vendors may enable a pilot where portal messages are sealed to the vendor browser key (e2e1:).

For enterprise security reviews or questionnaire requests, contact your Replyva account representative.