Your data is safe with realfast.

At realfast, safeguarding your data is integral to our company culture, operations, and product development. We take the responsibility of protecting your information very seriously.

We start by dotting the I's and crossing the T's.

Compliance & Certifications

ISO 27001:2022

SOC 2 Type II

For the most up-to-date information on our compliance posture, please contact security@realfast.ai

It’s always good to be slightly paranoid about security.

Secure Integrations

When building new integrations, we design them to maximize user security throughout, be it OpenAI, Gemini, or Claude for GenAI model usage, or AWS, Google Cloud, or Azure for cloud infrastructure.

Audit Logging

We store transaction and receipt data for your time as a realfast customer, enabling audit readiness and the ability to review company spend retroactively.

You can track who did what, when, and why with detailed transaction histories.

Security Notifications

We notify you of any updates to your account's contact details, security settings, or login configuration.

Single Sign-On (SSO)

Currently, all businesses have access to Sign in with Google, but we will add other SSO providers soon.

Role-Based Access Control

We have granular permissions to ensure users only see what they need.

Multi-Factor Authentication

realfast retains multi-factor authentication for all users who sign in with an identity provider. Currently, we only allow logins with Google.

We are always on guard.

Access Monitoring

realfast logs failed and successful logins, application access, admin changes, and system changes. We continuously monitor critical systems for potential threats, with automated logging and alerting.

Real-time Security Monitoring

realfast employs a 24/7 Security Operations Center (SOC) that continuously monitors our network for potential threats. The SOC combines automated tools and human expertise to detect, analyze, and respond to security events in real time.

Zero Trust Architecture

We are designing our systems based on the principles of Zero Trust. This means that no user or device is automatically trusted, regardless of whether they are inside or outside the network perimeter. Every access request is authenticated, authorized, and encrypted before access is granted.

With code, it’s better to be safe than sorry.

Static Code Analysis

Secure Development Training

Web Application Firewall

Strict Access Control — because it's your data, not ours.

Data Access

At realfast, we adhere strictly to the principle of least privilege. Access permissions are granted based solely on an individual's job function and business requirements. We conduct periodic access reviews to ensure these permissions remain appropriate and are revoked promptly when no longer needed.

Logging

We employ a robust Security Information and Event Management (SIEM) solution to centrally collect and analyze logs from all critical systems. This allows us to constantly monitor system activity and detect any potential security events. Automated alerts are configured to immediately notify our security team of any suspicious activities.

Password Security

Our internal password policies are fully aligned with the stringent requirements of ISO 27001. All employees are required to use a password manager to ensure the use of strong, unique passwords across all systems. For access to particularly sensitive systems, we enforce the use of multi-factor authentication (MFA) to provide an additional layer of security.

But protecting your data starts with protecting our own.

Email Protection

Employee Training

Incident Response

Internal Assessments

We also utilize a compliance and audit readiness solution that provides

Expect nothing less than the best infrastructure.

Amazon Web Services (AWS)

realfast's infrastructure is built on the secure and compliant foundation of Amazon Web Services (AWS) – Mumbai region. By using AWS, we inherit the benefits of their world-class physical security measures. These include strict access controls for data centers, 24/7 monitoring, and regular audits to ensure adherence to industry best practices.


AWS also provides us with critical security features such as encryption for data at rest, robust network segmentation, and advanced tools for monitoring and logging.

Securing Production Environment

We use AWS VPCs and IAM policies to isolate our production environment. Systems from one environment are not permitted to communicate with other environments.

Anti-DDoS

We plan to implement an industry-standard web application firewall (WAF) to protect our services from DDoS attacks and help deter attempts to exploit common vulnerabilities.

Business Continuity and Disaster Recovery

We are establishing a business continuity and disaster recovery (BC/DR) program. This includes a BC/DR plan, business impact analysis (BIA), risk assessments, and procedures for monitoring and improving the program.


The plan guides responding, recovering, and resuming operations during severe events, to ensure essential business processes remain operational. It covers the personnel, resources, services, and actions required for this.


The BC/DR plan will be tested annually.

End-to-end security for all your devices and data.

Disk Encryption

All realfast-issued devices are required to have full disk encryption enabled. This ensures that data stored on these devices remains secure even in the event of loss or theft.

Device Monitoring

We employ a Mobile Device Management (MDM) solution to enforce security policies on all corporate endpoints. realfast enforces encryption, strong password policies, and automatic locking, and keeps operating systems and security patches up to date.

Threat Detection

We use AWS's managed threat detection service to proactively identify and respond to potential threats. This service continuously monitors endpoints for any signs of malware, unauthorized access, or other suspicious activities. When threats are detected, the service notifies you immediately and recommends potential remedies.

Your data — safe in transit and at rest.

Data Encryption

We use AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit. realfast avoids storing sensitive customer information wherever possible. For example, your credit card numbers related to billing are not stored on our systems and instead reside with our sub-processors.

Data Backups

We use AWS AP-South-1 for automated backups. Backups are encrypted and are retained for at least 30 days, with access restricted by user role in AWS.

Physical Security

Our data centers are hosted by Amazon Web Services (AWS), which makes our security as good as AWS’s Physical Security controls.

Our Commitment to You

At realfast, security isn't an afterthought – it's the foundation upon which everything else is built. We are constantly evaluating and evolving our practices to stay ahead of emerging threats, so you can focus on your business with the peace of mind that your data is in good hands.


Have questions or concerns? Our security team is always happy to chat.

Reach us at security@realfast.ai.
