Your team's data is safe with us
Encryption, EU data residency, compliance commitments, and zero default employee monitoring.
Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Database backups are encrypted with separate keys.
Data residency
Primary hosting in EU regions (Frankfurt and Stockholm). Enterprise customers can specify US or GCC residency. Sub-processors published with notification on change.
Compliance
GDPR, UK GDPR, CCPA, Saudi PDPL, UAE Federal Decree-Law 45. SOC 2 Type II in progress (Q3 2026). DPAs available on request.
Access control
Role-based access, SSO/SAML on Enterprise, audit logs for admins, mandatory 2FA for elevated roles.
Privacy by default
No activity tracking. No keystroke logging. No screen capture. Meeting recording is opt-in per call with consent notice to all participants.
Vulnerability management
Quarterly penetration testing. Continuous dependency scanning. Bug bounty program for verified researchers. 72-hour breach notification SLA.
Security FAQ
Where is Remotly hosted?+
Primary hosting in EU (Frankfurt + Stockholm). Enterprise contracts can specify US or GCC data residency.
Can you sign a Data Processing Agreement?+
Yes. Standard DPA available on request, with options to customize sub-processor terms for Enterprise contracts.
Do you support SSO and SAML?+
Yes, on the Enterprise plan. SAML 2.0 with Okta, Azure AD, Google Workspace, and JumpCloud out of the box.
Is Remotly HIPAA-ready?+
BAAs available on Enterprise contracts. Healthcare customers should contact us to scope the implementation.
Need a DPA or compliance report?
Contact our compliance team