Your data is safe with realfast.
Your data is safe with realfast.
Your data is safe
with realfast.
At realfast, safeguarding your data is integral to our company culture, operations, and product development. We take the responsibility of protecting your information very seriously.
At realfast, safeguarding your data
is integral to our company culture, operations, and product development. We take the responsibility of protecting your information
very seriously.
At realfast, safeguarding
your data is integral to our company culture, operations, and product development. We take the responsibility of protecting your information very seriously.
We start by dotting the I's and crossing the T's.
We start by dotting the I's and crossing the T's.
We start by dotting the I's and crossing the T's.
Compliance & Certifications
Compliance & Certifications
ISO 27001:2022
SOC 2 Type II
For the most up-to-date information on our compliance posture, please contact security@realfast.ai
For the most up-to-date information on our compliance posture, please contact security@realfast.ai
For the most up-to-date information on our compliance posture, please contact security@realfast.ai
It’s always good to be slightly paranoid about security.
It’s always good to be slightly paranoid about security.
It’s always good to be slightly paranoid about security.
Secure
Integrations
Secure
Integrations
When building new integrations, we design them to maximize user security throughout, be it OpenAI, Gemini, or Claude for GenAI model usage, or AWS, Google Cloud, or Azure for cloud infrastructure.
When building new integrations, we design them to maximize user security throughout, be it OpenAI, Gemini, or Claude for GenAI model usage, or AWS, Google Cloud, or Azure for cloud infrastructure.
Audit Logging
Audit Logging
We store transaction and receipt data for your time as
a realfast customer, enabling audit readiness and the ability to review company spend retroactively.
You can track who did what, when, and why with detailed transaction histories.
We store transaction and receipt data for your time as a realfast customer, enabling audit readiness and the ability to review company spend retroactively.
You can track who did what, when, and why with detailed transaction histories.
Security Notifications
Security Notifications
We notify you of any updates to your account's contact details, security settings, or login configuration.
We notify you of any updates to your account's contact details, security settings, or login configuration.
Single Sign-On (SSO)
Single Sign-On (SSO)
Currently, all businesses have access to Sign in with Google, but we will add other SSO providers soon.
Currently, all businesses have access to Sign in with Google, but we will add other SSO providers soon.
Role-Based Access Control
Role-Based Access Control
We have granular permissions to ensure users only see what they need.
We have granular permissions to ensure users only see what they need.
Multi-Factor Authentication
Multi-Factor Authentication
realfast retains
multi-factor authentication for all users who sign in with
an Identity provider. Currently, we only allow logins with Google.
realfast retains
multi-factor authentication for all users who sign in with
an Identity provider. Currently, we only allow logins with Google.
Secure Integrations
When building new integrations,
we design them to maximize user security throughout, be it OpenAI, Gemini, or Claude for GenAI model usage, or AWS, Google Cloud, or Azure for cloud infrastructure.
Audit Logging
We store transaction and receipt data for your time as a realfast customer, enabling audit readiness and the ability to review company spend retroactively.
You can track who did what, when, and why with detailed transaction histories.
Security Notifications
We notify you of any updates to your account's contact details, security settings, or login configuration.
Single Sign-On (SSO)
Currently, all businesses have access to Sign in with Google, but we will add other SSO providers soon.
Role-Based Access Control
We have granular permissions to ensure users only see what they need.
Multi-Factor Authentication
realfast retains multi-factor authentication for all users who sign in with an Identity provider. Currently, we only allow logins with Google.
We are always on guard.
We are always on guard.
We are always
on guard.
Access Monitoring
Access Monitoring
Access Monitoring
realfast logs failed and successful logins, application access, admin changes, and system changes. We continuously monitor critical systems for potential threats, with automated logging and alerting.
realfast logs failed and successful logins, application access, admin changes, and system changes. We continuously monitor critical systems for potential threats, with automated logging and alerting.
Real-time Security Monitoring
Real-time Security Monitoring
Real-time Security Monitoring
realfast employs a 24/7 Security Operations Center (SOC) that continuously monitors our network for potential threats. The SOC combines automated tools and human expertise to detect, analyze, and respond
to security events in real time
realfast employs a 24/7 Security Operations Center (SOC) that continuously monitors our network for potential threats. The SOC combines automated tools and human expertise to detect, analyze, and respond
to security events in real time
realfast employs a 24/7
Security Operations Center (SOC) that continuously monitors our network for potential threats. The SOC combines automated tools and human expertise to detect, analyze, and respond to security events in real time
Zero Trust Architecture
We are designing our systems based on the principles of Zero Trust. This means that no user or device is automatically trusted, regardless of whether they are inside or outside the network perimeter. Every access request is authenticated, authorized, and encrypted before access is granted.
Zero Trust Architecture
Zero Trust Architecture
We are designing our systems based on the principles of Zero Trust. This means that no user or device is automatically trusted, regardless of whether they are inside or outside the network perimeter. Every access request is authenticated, authorized, and encrypted before access is granted.
With code, it’s better to be
safe than sorry.
With code, it’s better to be
safe than sorry.
With code, it’s
better to be safe
than sorry.
Static Code Analysis
Static Code Analysis
Static Code Analysis
Secure Development Training
Secure Development Training
Secure Development Training
Web Application Firewall
Web Application Firewall
Web Application Firewall
Strict Access Control —
because it's your data, not ours.
Strict Access Control —
because it's your data, not ours.
Strict Access Control —
because it's your data, not ours.
Data Access
Data Access
At realfast, we adhere strictly to the principle of least privilege. Access permissions are granted based solely on an individual's job function and business requirements. We conduct periodic access reviews to ensure these permissions remain appropriate and are revoked promptly when no longer needed.
At realfast, we adhere strictly to the principle of least privilege. Access permissions are granted based solely on an individual's job function and business requirements. We conduct periodic access reviews to ensure these permissions remain appropriate and are revoked promptly when no longer needed.
At realfast, we adhere strictly to the principle of least privilege. Access permissions are granted based solely on an individual's job function and business requirements. We conduct periodic access reviews to ensure these permissions remain appropriate and are revoked promptly when no longer needed.
Data Access
Logging
Logging
We employ a robust Security Incident and Event Monitoring (SIEM) solution to centrally collect and analyze logs from all critical systems. This allows us to constantly monitor system activity and detect any potential security events. Automated alerts are configured to immediately notify our security team of any suspicious activities.
We employ a robust Security Incident and Event Monitoring (SIEM) solution to centrally collect and analyze logs from all critical systems. This allows us to constantly monitor system activity and detect any potential security events. Automated alerts are configured to immediately notify our security team of any suspicious activities.
We employ a robust Security Incident and Event Monitoring (SIEM) solution to centrally collect and analyze logs from all critical systems. This allows us to constantly monitor system activity and detect any potential security events. Automated alerts are configured to immediately notify our security team of any suspicious activities.
Logging
Password Security
Password Security
Our internal password policies are fully aligned with the stringent requirements of ISO 27001. All employees are required to use a password manager to ensure the use of strong, unique passwords across all systems. For access to particularly sensitive systems, we enforce the use of multi-factor authentication (MFA) to provide an additional layer of security.
Our internal password policies are fully aligned with the stringent requirements of ISO 27001. All employees are required to use a password manager to ensure the use of strong, unique passwords across all systems. For access to particularly sensitive systems, we enforce the use of multi-factor authentication (MFA) to provide an additional layer of security.
Our internal password policies are fully aligned with the stringent requirements of ISO 27001. All employees are required to use a password manager to ensure the use of strong, unique passwords across all systems. For access to particularly sensitive systems, we enforce the use of multi-factor authentication (MFA) to provide an additional layer of security.
Password Security
But protecting your data starts
with protecting our own.
But protecting your data starts
with protecting our own.
But protecting your data starts with protecting
our own.
Email Protection
Email Protection
Email Protection
Employee Training
Employee Training
Employee Training
Incident Response
Incident Response
Incident Response
Internal Assessments
Internal Assessments
Internal Assessments
We also utilize a compliance and audit readiness solution that provides
We also utilize a compliance and audit readiness solution that provides
We also utilize a compliance and audit readiness solution that provides
Expect nothing less than the best infrastructure.
Expect nothing less than the best infrastructure.
Expect nothing less than the best infrastructure.
Amazon Web Services (AWS)
Amazon Web Services (AWS)
realfast's infrastructure is built on the secure and compliant foundation of Amazon Web Services (AWS) – Mumbai region. By using AWS, we inherit the benefits of their world-class physical security measures. These include strict access controls for data centers, 24/7 monitoring, and regular audits to ensure adherence to industry best practices.
AWS also provides us with critical security features such as encryption for data at rest, robust network segmentation, and advanced tools for monitoring and logging.
realfast's infrastructure is built on the secure and compliant foundation of Amazon Web Services (AWS) – Mumbai region. By using AWS, we inherit the benefits of their world-class physical security measures. These include strict access controls for data centers, 24/7 monitoring, and regular audits to ensure adherence to industry best practices.
AWS also provides us with critical security features such as encryption for data at rest, robust network segmentation, and advanced tools for monitoring and logging.
Securing Production
Environment
Securing Production
Environment
We use AWS VPCs and IAM policies to isolate our production environment. Systems from one environment are not permitted to communicate with other environments.
We use AWS VPCs and IAM policies to isolate our production environment. Systems from one environment are not permitted to communicate with other environments.
Anti-DDoS
Anti-DDoS
We plan to implement an industry-standard web application firewall (WAF) to protect our services from DDoS attacks and help deter attempts to exploit common vulnerabilities.
We plan to implement an industry-standard web application firewall (WAF) to protect our services from DDoS attacks and help deter attempts to exploit common vulnerabilities.
Business Continuity and
Disaster Recovery
Business Continuity and
Disaster Recovery
We are establishing a business continuity and disaster recovery (BC/DR) program. This includes a BC/DR plan, business impact analysis (BIA), risk assessments, and procedures for monitoring and improving the program.
The plan guides responding, recovering, and resuming operations during severe events, to ensure essential business processes remain operational. It covers the personnel, resources, services, and actions required for this.
The BC/DR plan will be tested annually.
We are establishing a business continuity and disaster recovery (BC/DR) program. This includes a BC/DR plan, business impact analysis (BIA), risk assessments, and procedures for monitoring and improving the program.
The plan guides responding, recovering, and resuming operations during severe events, to ensure essential business processes remain operational. It covers the personnel, resources, services, and actions required for this.
The BC/DR plan will be tested annually.
Anti-DDoS
We plan to implement an industry-standard web application firewall (WAF) to protect our services from DDoS attacks and help deter attempts to exploit common vulnerabilities.
Securing Production
Environment
We use AWS VPCs and IAM policies to isolate our production environment. Systems from one environment are not permitted to communicate with other environments.
Business Continuity and
Disaster Recovery
We are establishing a business continuity and disaster recovery (BC/DR) program. This includes a BC/DR plan, business impact analysis (BIA), risk assessments, and procedures for monitoring and
improving the program.The plan guides responding, recovering, and resuming operations during severe events, to ensure essential business processes remain operational. It covers the personnel, resources, services, and actions required for this.
The BC/DR plan will be tested annually.
Amazon Web Services (AWS)
realfast's infrastructure is built on the secure and compliant foundation of Amazon Web Services (AWS) – Mumbai region. By using AWS, we inherit the benefits of their world-class physical security measures. These include strict access controls for data centers, 24/7 monitoring, and regular audits to ensure adherence to industry best practices.
AWS also provides us with critical security features such as encryption for data at rest, robust network segmentation, and advanced tools for monitoring and logging.
End-to-end security for all your devices and data.
End-to-end security for all your devices and data.
End-to-end security for all your devices and data.
Disk Encryption
Disk Encryption
Disk Encryption
All realfast-issued devices are required to have full disk encryption enabled. This ensures that data stored on these devices remains secure even in the event of loss or theft.
All realfast-issued devices are required to have full diskcencryption enabled. This ensures that data stored on these devices remains secure even in the event of loss or theft.
All realfast-issued devices
are required to have full disk encryption enabled. This ensures that data stored on these devices remains secure even in the event of loss or theft.
Device Monitoring
Device Monitoring
Device Monitoring
We employ a Mobile Device Management (MDM) solution to enforce security policies on all corporate endpoints. realfast enforces encryption, strong password policies, and automatic locking, and keeps operating systems and security patches
up-to-date.
We employ a Mobile Device Management (MDM) solution to enforce security policies on all corporate endpoints. realfast enforces encryption, strong password policies, and automatic locking, and keeps operating systems and security patches up-to-date.
We employ a Mobile Device Management (MDM) solution to enforce security policies on all corporate endpoints. realfast enforces encryption, strong password policies, and automatic locking, and keeps operating systems and security patches up-to-date.
Threat Detection
Threat Detection
Threat Detection
We use AWS's managed threat detection service to proactively identify and respond to potential threats. This service continuously monitors endpoints for any signs of malware, unauthorized access, or other suspicious activities. When threats are detected, the service notifies you immediately and recommends potential remedies.
We use AWS's managed threat detection service to proactively identify and respond to potential threats. This service continuously monitors endpoints for any signs of malware, unauthorized access, or other suspicious activities. When threats are detected, the service notifies you immediately and recommends potential remedies.
We use AWS's managed threat detection service to proactively identify and respond to potential threats. This service continuously monitors endpoints for any signs of malware, unauthorized access, or other suspicious activities. When threats are detected, the service notifies you immediately and recommends potential remedies.
Your data — safe in transit and at rest.
Data Encryption
We use AES-256 Encryption for data at rest, and TLS 1.2+ Encryption for data in transit. Realfast avoids storing sensitive customer information wherever possible. For example, your credit card numbers related to billing are not stored on our systems and instead reside with our sub-processors.
Data Backups
We use AWS AP-South-1 for automated backups. Backups are encrypted and are retained for at least 30 days, with access restricted by user role in AWS.
Physical Security
Our data centers are hosted by Amazon Web Services (AWS), which makes our security as good as AWS’s Physical Security controls.
Data Encryption
We use AES-256 Encryption for data at rest, and TLS 1.2+ Encryption for data in transit. Realfast avoids storing sensitive customer information wherever possible. For example, your credit card numbers related to billing are not stored on our systems and instead reside with our sub-processors.
Data Backups
We use AWS AP-South-1 for automated backups. Backups are encrypted and are retained for at least 30 days, with access restricted by user role in AWS.
Physical Security
Our data centers are hosted by Amazon Web Services (AWS), which makes our security as good as AWS’s Physical Security controls.
Data Encryption
We use AES-256 Encryption for data at rest, and TLS 1.2+ Encryption for data in transit. Realfast avoids storing sensitive customer information wherever possible. For example, your credit card numbers related to billing are not stored on our systems and instead reside with our sub-processors.
Data Backups
We use AWS AP-South-1 for automated backups. Backups are encrypted and are retained for at least 30 days, with access restricted by user role in AWS.
Physical Security
Our data centers are hosted by Amazon Web Services (AWS), which makes our security as good as AWS’s Physical Security controls.
Our Commitment to You
Our commitment to you
At realfast, security isn't an afterthought – it's the foundation upon which everything else is built. We are constantly evaluating and evolving our practices to stay ahead of emerging threats, so you can focus on your business with the peace of mind that your data is in good hands.
Have questions or concerns? Our security team is always happy to chat.
Reach us at security@realfast.ai.
At realfast, security isn't an afterthought – it's the foundation upon which everything else is built. We are constantly evaluating and evolving our practices to stay ahead of emerging threats, so you can focus on your business with the peace of mind that your data is in good hands.
Have questions or concerns?
Our security team is always happy to chat.
Reach us at security@realfast.ai.
At realfast, security isn't an afterthought – it's the foundation upon which everything else is built. We are constantly evaluating and evolving our practices to stay ahead of emerging threats, so you can focus on your business with the peace of mind that your data is in good hands.
Have questions or concerns?
Our security team is always happy to chat. Reach us at security@realfast.ai.