We consider security and privacy to be core functions of our platform. Earning and keeping the trust of our customers is our top priority. Recurrency is committed to maintaining the highest level of security for our platform and our users. We understand the importance of keeping our platform secure and take proactive measures to ensure the safety of our users' data.
If you have any questions, please contact [email protected].
Application Security
Recurrency provides a web-based, SaaS service that creates an ERP optimization engine for distributors. To use our service, you must grant us read access to your ERP data through a secure connection. We provide an installer and offer support to properly configure this within your corporate network. Users will then interact with the data through our web application at https://app.recurrency.com.
Recurrency’s security policies are aligned with industry-standard best practices such as those outlined in SOC 2 and ISO 27001. We are proud to have achieved our SOC 2 certification, which we can share upon request and under NDA. We frequently review and update our policies and standards to ensure that we continue to meet industry standards and stay up to date with the latest threats and vulnerabilities.
Defense in Depth
We take security very seriously and have implemented rigorous measures to protect our customers' data. Our security practices include a combination of automated testing, manual code reviews, and ongoing logging and monitoring to detect and address vulnerabilities in our applications. We also enforce strict access controls and use encryption to safeguard data in transit and at rest.
Our team regularly evaluates and updates our security practices to stay ahead of emerging threats and vulnerabilities.
Data Encryption
Data within Recurrency’s systems is encrypted at rest and in transit.
At rest, in our systems, including both our staging and production databases, data is encrypted using AES-256.
For data in transit between user devices and our web application, data is encrypted using HTTPS with at least TLSv1.2.
For data in transit between your ERP database and our systems, we default to encrypting data using at least TLSv1.2. However, we recognize that some customers may have specific server configurations that do not support TLSv1.2 and are still operating on TLSv1.0. In such circumstances, while we strongly recommend and prioritize TLSv1.2 for secure data transmission, we may need to accommodate your server limitations and lower the encryption standard accordingly.
Please note that we continuously work with our customers to ensure the highest level of security. We actively encourage customers with TLSv1.0 configurations to upgrade to TLSv1.2 or above in order to maintain optimal security standards for data in transit.
Physical Security
Recurrency does not store customer data in our corporate offices. Recurrency utilizes industry-leading Amazon Web Services (AWS) for providing our cloud-based services. AWS is responsible for securing their data centers and more information can be found on their website at https://aws.amazon.com/compliance/data-center/controls/.
Product Security
The Recurrency application employs a variety of configurable administrative controls for application administrators to customize access and control within their Recurrency deployment.
Users interact with the Recurrency product at https://app.recurrency.com. All data is encrypted in transit using HTTPS with at least TLSv1.2.
Single Sign On
Within the Recurrency application, customers can configure SSO with Microsoft Azure AD to control the authentication/authorization parameters for their organization.
Role Based Access Control
The Recurrency application assigns specific roles to users that limit what data they can see and edit. Our Customer Success and Solutions Engineering teams can work with you to ensure you’ve configured each user with the right roles and permissions.
Admin Role
Recurrency supports an administrator role that provides customers with the ability to manage their specific instance. Admins can work with Recurrency’s Success and Solution Engineering teams to create and assign roles to other users, ensuring each user has only the permissions necessary to complete their job function.
Operational Security
Recurrency prioritizes the security of our customers' data and we are committed to maintaining the highest standards of operational security. Our teams work diligently to mitigate security risks and uphold stringent data security standards. We understand that trust is paramount in our industry, and we want to assure our customers that their data is in safe hands.
Access Controls
In order to offer the Recurrency services to customers, a limited subset of employees have write access to the production environment where this data is stored. This access is limited to the engineers and support personnel critical to maintaining our services.
All access is logged and monitored. Any access to the production environment must be done from company-issued devices and requires MFA.
Employee Workstations
Employee workstations are centrally managed and configured.
Each device is encrypted and configured with FileVault. Our central device management system allows for remote disablement and wiping of a given device.
Incident Response & Monitoring
We have a detailed incident response plan that outlines how we will detect, respond to, and recover from security incidents or outages. We have team members on call 24x7x365 to rapidly respond to incidents.
Postmortems are conducted promptly after an incident, allowing us to analyze and document the incident, identify areas for improvement, and develop actionable recommendations. Through this process, we aim to constantly enhance our incident response procedures, minimize the risk of future incidents, and maintain a robust security posture.
Logging & Monitoring
To ensure optimal performance and minimize any potential disruptions, we have implemented comprehensive monitoring and reporting mechanisms. These tools allow us to closely track the performance of the querying process. In the event that we detect any anomalies or suspect issues, we proactively take action.
Recurrency’s cloud-based infrastructure enables regular security assessments, continuous patching, and additional security features built directly into the platform. These features ensure the continued availability of your data.
Data Management
At Recurrency, we understand the importance of data privacy and are committed to protecting our customers' data. We take significant measures to protect our customers' data from unauthorized access, use, or disclosure. We follow industry-standard best practices and comply with applicable laws and regulations to ensure that our customers' personal information is safe and secure.
Data Collection and Use
We collect and use data only for the purposes of providing our services to our customers. We do not sell customer data to third parties for any reason. We only share customer data with third-party service providers who have agreed to maintain the confidentiality and security of our customers' data.
Recurrency collects only the Personally Identifiable Information (PII) that is reasonably necessary to accomplish the legitimate business purpose for which it is collected, limits the time PII is retained to what is reasonably necessary to accomplish such purpose, and limits access to those persons who are reasonably required to have access to PII in order to accomplish such purpose or to comply with state or federal record retention requirements. This data is encrypted in our production database using AES-256 encryption.
For more information on what data we collect and how we use it, visit our terms of service and privacy policy at https://www.recurrency.com/terms.
Automated Backups
Recurrency has implemented a daily automated backup system to ensure the safety and security of our data. This process runs automatically every day, and in the unlikely event of a system failure or data loss, we can quickly restore our systems with minimal data loss. Backups are encrypted at rest using AES-256 encryption.
Third-Party Vendors
Recurrency prioritizes the evaluation and selection of third-party vendors who play a crucial role in providing services or handling data on our behalf. We understand the significant impact that these vendors have on our operations and, ultimately, the security of our customers' data. We undertake a thorough vetting process to ensure that our chosen vendors align with our stringent standards and commitment to data protection.
Vendor Selection
As part of our due diligence process, we review the vendor's online security documentation, such as their privacy policy, security certifications, and any other relevant materials. We also have legal agreements with these organizations that set contractual standards for how they must treat our data.
Key factors we look for and evaluate within each vendor include their track record of security incidents and breaches, their compliance with relevant regulations and industry standards, their policies and procedures around data handling, and their overall security posture.
Vendor Management
We place a high priority on vendor security and regularly monitor their uptime. Additionally, we review vendors' security postures to ensure they meet our standards and expectations. If a vendor's security posture changes or if we become aware of any security incidents or breaches, we can take immediate action to review and address the situation.
Integration Security
Recurrency is designed to provide teams with enhanced visibility into their ERP data while leveraging machine learning algorithms to identify trends and patterns for actionable insights.
To achieve this, it is necessary for our system to have access to a subset of your ERP data. By maintaining a replica of your data, we ensure that your original ERP system remains unaffected, and any operations performed within Recurrency are isolated from your production environment. This approach guarantees the integrity, security, and availability of your data while providing you with the valuable insights and recommendations that Recurrency delivers.
Installing the Recurrency Integration Service
Recurrency provides an installer to allow you to set up the necessary components so that our service can communicate with your backend database. Our Solution Engineering team will work with your IT administrators to provide the necessary data elements to successfully configure this integration.
The application you install will then open a secure connection with Recurrency’s services using at least TLSv1.2 to encrypt the data in transit.
Integration Performance
We’ve developed our integration service with scalability and performance in mind. The service is designed to prevent overburdening your database and it respects timeouts and retries requests. To ensure optimal performance and minimize any potential disruptions, we have implemented comprehensive monitoring and reporting mechanisms. These tools allow us to closely track the performance of the querying process. In the event that we detect any anomalies or suspect issues, we proactively take action. This may include adjusting the frequency of requests to alleviate any strain on your system or network.
Sync Frequency
We aim to query your database as frequently as possible, typically within a timeframe of minutes. However, it's important to note that the exact timing of our queries may vary based on factors such as network conditions and system load.
After the initial sync, our system will continue to pull incremental changes at a regular frequency.
Users can also use Recurrency to write data back to your ERP, such as creating a new purchase order, or a new sales quote. If you are also using these Recurrency features, we immediately send those write requests to your ERP database.