Security and Compliance

Reactima takes data protection seriously. This page outlines our security practices and compliance posture.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Database backups are encrypted and stored in geographically separate locations.

Authentication

Reactima supports email/password authentication with optional two-factor authentication (TOTP). On the Growth plan and above, SAML-based single sign-on (SSO) is available for integration with identity providers like Okta, Azure AD, and Google Workspace.

Access Controls

Workspace administrators can manage member roles (Admin vs. Member), enforce 2FA for all users, and configure team-based access restrictions on the Growth plan.

Audit Logging

All user actions are recorded in the security audit log, accessible to admins under Settings > Security > Audit Log. The log includes login events, record changes, permission modifications, and data exports.

Data Residency

Reactima's infrastructure is hosted in secure data centers. Workspace data is stored in the region closest to your primary office. Contact sales for specific data residency requirements.

GDPR Compliance

Reactima provides tools for GDPR compliance: data export (right of access), record deletion (right to erasure), and consent tracking. See our Data Processing Agreement for details.

Disaster Recovery

We maintain 24-hour restore points for all critical data. In the event of infrastructure failure, we target recovery within 4 hours. See our Service Level Description for uptime guarantees.