GoRefer Trust Center
Updated April 2026
All systems operational
Updated May 17, 2026
Your data — and your clients' data — deserves a clear explanation of how it's protected. This Trust Center documents GoRefer's security practices, privacy policies, and compliance commitments in plain language so you can make informed decisions.
Every page here maps to a real control in our platform. When we say we encrypt something, we explain exactly how. When we have a limitation or a certification in progress, we say so — because honesty builds more trust than marketing copy.
2× independent encryption layers
20+ security controls documented
72 hr breach notification SLA
365 d audit log retention
Security & Compliance Posture
Control Domain Scorecard
Encryption: AES-256 at rest + in transit + field-level
Access Control: RBAC, MFA, least privilege, session mgmt
Network Security: WAF, DDoS mitigation, rate limiting, HSTS
Data Protection: PII field encryption, data minimization
Incident Response: P0–P3 SLAs, 72-hr breach notification
Business Continuity: RPO < 1hr · RTO < 4hr · Quarterly DR tests
AI Governance: No training on customer data, audit logged
Compliance: GDPR ✓ · IRS 4557 ✓ · SOC 2 → Q3 2026
Penetration Testing: Annual third-party + continuous scanning
Our Core Data Commitments
We will never sell your data or your clients' data — to anyone, for any reason.
You can export all of your data, in full, at any time — no lock-in.
Customer data is never used to train AI models.
We will notify you of any data breach within 72 hours of confirmation.
Private Documents
Request access to NDA-protected documents: pentest reports, full DPA, architecture diagrams.
Report a Vulnerability
Found a security issue? Disclose it responsibly via our security contact form.
Security Questions
Enterprise procurement, security questionnaires, or general inquiries.
security@gorefer.io