Security at AskReplay

Last Updated: June 13, 2026

We take the security of your content and your viewers’ data seriously. This page summarizes the technical and organizational measures we use to protect information in the Service. It is an overview, not a warranty or certification; see our Terms of Service for the governing terms.

Data protection

  • Encryption of data in transit using TLS.
  • Tenant isolation: data is scoped per workspace, with database row-level security policies that restrict access to a user’s own tenant.
  • Authentication via signed, httpOnly session tokens, with server-side verification.
  • Least-privilege access: privileged operations run server-side with scoped service credentials.
  • Rate limiting and abuse controls on public endpoints.

AI and content handling

  • AI answers are grounded in the content you approve and include citations.
  • We do not use Customer Content, viewer questions, or AI answers to train general-purpose AI models, and our AI providers are engaged on terms intended to prevent such training on data submitted through their APIs.
  • Uploaded documents are read for their text and then discarded; the original files are not stored.

Infrastructure and providers

We host on reputable cloud infrastructure and rely on a small set of vetted subprocessors for hosting, database, AI, and payments. See our Subprocessors list and Privacy Policy.

Reporting a vulnerability

If you believe you have found a security vulnerability, please report it to contact@ask-replay.com. We welcome good-faith research and ask that you:

  • give us a reasonable time to investigate and remediate before public disclosure;
  • avoid privacy violations, data destruction, and service degradation;
  • do not access or modify data that is not yours; and
  • provide enough detail to reproduce the issue.

We will not pursue legal action against researchers who act in good faith and in accordance with this policy.

Your part

Security is shared. Keep your credentials confidential, use strong passwords, manage team access carefully, and only publish content you have the right to share. No system is perfectly secure, and we cannot guarantee absolute security.