The Highest Standard of Compliance

GDPR READINESS

RepsMate is committed to ensuring ongoing compliance with the General Data Protection Regulation (GDPR). With RepsMate’s GDPR-compliant flows, you ensure that every meeting attendee is made completely aware of call recording and provides explicit consent for it.

PRIVACY SHIELD

RepsMate complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. This ensures that RepsMate maintains the highest standards in data protection when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Recordings, transcripts, and analytics are encrypted in transit with either TLS or HTTPS
All connections with the RepsMate platform are encrypted using SSL
Any attempt to connect over HTTP is redirected to HTTPS
Sensitive data such as deploy keys for source control tools are encrypted at rest
Encryption keys are managed across their full lifecycle: generating, using, storing, archiving, and deleting keys
Support for multiple Single Sign-On (SSO) providers, such as Google, Microsoft, and Okta, via OAuth2 and SAML
Where SSO is not an option, RepsMate login requires strong passwords
User passwords are salted, irreversibly hashed, and stored in RepsMate’s database
Internal penetration testing is performed at least once each quarter, and external third-party testing at least once a year
We actively manage access to all protected information assets and system changes
Least privilege and segregation of duties are used to determine access
New contractors and employees are required to pass a background check and sign confidentiality agreements
Employees receive routine security awareness training and confirm adherence to Company security policies
RepsMate new hires complete security training as part of their entry into the organization
Employees are reminded of security best practices through informal and formal communications
RepsMate’s vendor management program ensures that third parties comply with an expected level of security controls