Security

RepWorth protects review, billing, and approval data with scoped access, hashed approval tokens, and explicit owner approval before posting.

Vulnerability disclosure

Report suspected vulnerabilities to security@repworth.net. We will acknowledge receipt, investigate in good faith, and avoid legal action for good-faith research that avoids data destruction, service disruption, and access to other customers' data.

Current status

  • Approval tokens are stored as SHA-256 hashes, not raw tokens.
  • Customer-facing posting requires explicit owner approval.
  • Tenant access is enforced in application code — every owner read and write is scoped to your account and location. Row-level security policies are additionally enabled on protected database tables as a defense-in-depth backstop.
  • Likely protected health information (PHI) in imported review text is blocked before persistence or logging.
  • SOC 2 audit is not yet complete.

Legal and privacy

See Privacy, Terms, and Sub-processors.