Reshift logoReshift

Last updated: 25 May 2026

Security

Security is built into every layer of Reshift. This page summarises our controls across infrastructure, application, and operations.

Infrastructure

Hosted on tier-1 cloud providers with ISO 27001 and SOC 2 certified data centres. Network isolation via private VPCs, restricted security groups, and managed firewalls.

Encryption

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Call audio and transcripts are encrypted with keys managed by our cloud KMS.

Access control

Least-privilege access enforced via SSO and role-based permissions. Production access requires hardware MFA and is fully audit-logged.

Application security

Code is reviewed before merge. Dependencies are scanned continuously. We run regular third-party penetration tests and a private bug bounty programme.

Reliability

Multi-region failover for voice infrastructure. Real-time monitoring and on-call rotation. Status and incident history available on request.

Privacy and compliance

UK GDPR and EU GDPR aligned. DPA available on request. Sub-processor list maintained and reviewed quarterly.

Reporting a vulnerability

Email security@reshift.agency with details. We acknowledge reports within two business days.

Questions? Contact us at hello@reshift.agency.