Security Summary

Replofy is a hosted, multi-tenant customer support platform built around a schema-per-tenant data model. Customer workspaces are isolated by organization, and runtime access to workspace data is mediated through tenant-scoped database functions and MCP tools rather than broad direct client access to tenant schemas.

The service currently relies on managed infrastructure for application hosting, authentication, storage, database operations, queue processing, and AI runtime orchestration.

• Workspace access is tied to organization membership and role assignments.
• Tenant data access is validated at the server and database layer using authenticated membership checks and service-role controls.
• Customer-enabled Gmail and similar integrations use OAuth-based authorization rather than password collection by Replofy.

Customer access to Replofy uses encrypted web transport. Connected integrations rely on provider-supported secure authentication and transport paths.

Stored integration secrets and OAuth tokens rely on provider-managed storage protections and restricted service access controls. Replofy does not store customer Google passwords.

Uploaded knowledge content, ticket content, and connected-channel messages are intended to remain logically scoped to the customer workspace that submitted them through database, application, and service-layer controls.

• Replofy maintains operational logs and audit trails for key actions, queue processing, workflow execution, and selected customer-triggered changes.
• Prompt-hardening and bounded runtime settings are used to reduce, not eliminate, unsafe AI behavior and to constrain output paths.
• If Replofy becomes aware of a personal data breach affecting customer data, the DPA baseline is notification without undue delay and, where feasible, an initial notice target of 48 hours.

Replofy depends on managed infrastructure providers for database durability, platform resilience, and recovery operations. Public uptime commitments, support response targets, and service credits are defined only in the SLA when an executed customer agreement references it.

At the end of a subscription, customer content is returned or deleted on the operational baseline described in the Privacy Policy and DPA: the current target is up to 30 days for active-system deletion or return and up to 90 additional days for managed backup expiry.

Replofy is responsible for the security of the hosted platform.

Customers are responsible for:

• managing workspace users, approvals, and connected channels;
• reviewing workflow settings and autonomous actions;
• ensuring uploaded content and integrated systems are lawful and appropriate for the intended use case; and
• deciding what customer data enters the platform and how long it should remain there, subject to product capabilities and law.

Last updated: April 18, 2026.