Rapid Incident Response
We’re prepared for the unexpected. If a security incident occurs, we follow a documented incident response plan to investigate, contain, and remediate quickly. We notify impacted clients promptly and share relevant updates as we learn more.
Transparency
We collect only what we need to provide and improve the service. We’re clear about what we collect, why we collect it, and how it’s used. Where possible, we reduce or anonymize personal information and rely on consent-based processing when applicable.
Privacy
Privacy is built into our processes and our product. We apply strict internal access rules and follow documented practices designed to protect client confidentiality. Our SOC 2 Type I report supports our approach to privacy and security controls.
Data Encryption
Your data is encrypted in transit and at rest. We use SSL/TLS to protect information moving between your browser and our systems, and we use industry-standard encryption to protect data stored in our infrastructure.
Monitoring and Auditing
We continuously monitor our systems for signs of misuse or attacks. Key actions are logged to maintain an audit trail, support investigations, and strengthen accountability around how data is accessed and handled.
Limited Access & Control
Access is restricted to the people who need it to do their job. We use role-based access controls and multi-factor authentication, and we log and review access activity to detect unusual behaviour.
Data Hosting
Regy is hosted in Canada on AWS infrastructure. We thoroughly review and vet third-party subprocessors to ensure they meet our security requirements.
