Refari Data Security

Created by Aaron Refari, Modified on Fri, 23 May at 9:05 PM by Ritesh WebDev

Here at Refari, we are committed to ensuring our client and candidate accounts data is kept safe and secure. We do this by routinely assessing, testing, and improving the technology, controls, processes and procedures that govern the management of our systems.


Access Control

Refari maintains strict access control procedures to ensure that users can only access information relevant to their role and organisational context. Every user’s access is governed by a structured permissions framework that takes into account both company-level membership and individual user roles within that company.


This layered approach ensures that:

  • Users are presented only with the data that is necessary for their responsibilities.

  • Cross-organisational data visibility is restricted to prevent unauthorised access.

  • Administrative functions are isolated to approved personnel with elevated privileges.


Access controls are designed to support both operational efficiency and data confidentiality, ensuring that client, candidate, and organisational data remains appropriately segmented and protected at all times.
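As an illustration of the layered membership-plus-role model described above, the following is an added example (not Refari's code; the role names, action names and data model are assumptions made for this example). It fails closed on unknown actions, blocks cross-organisation access outright, and reserves administrative actions for an elevated role within the resource's own company:

```python
from dataclasses import dataclass

# Illustrative model (an assumption for this example): a user holds one role per
# company they belong to, and every resource belongs to exactly one company.
ROLE_RANK = {"viewer": 1, "recruiter": 2, "admin": 3}

# Each action and the minimum role it requires within the resource's company.
ACTION_MIN_ROLE = {
    "view_candidate": "viewer",
    "edit_candidate": "recruiter",
    "manage_users": "admin",
}


@dataclass
class User:
    user_id: str
    memberships: dict  # company_id -> role name within that company


@dataclass
class Resource:
    resource_id: str
    company_id: str


def is_authorised(user: User, action: str, resource: Resource) -> bool:
    """Allow only if the user is a member of the resource's company AND their
    role in that company ranks at or above the action's minimum role."""
    if action not in ACTION_MIN_ROLE:
        return False  # unknown action: fail closed
    role = user.memberships.get(resource.company_id)
    if role is None:
        return False  # no membership in this company: cross-org access is blocked
    return ROLE_RANK.get(role, 0) >= ROLE_RANK[ACTION_MIN_ROLE[action]]


def visible_resources(user: User, resources: list) -> list:
    """Filter a listing down to the data the user is entitled to see."""
    return [r for r in resources if is_authorised(user, "view_candidate", r)]


if __name__ == "__main__":
    # Constructed sample users and resources.
    alice = User("alice", {"org-a": "recruiter"})
    cand_a = Resource("cand-1", "org-a")
    cand_b = Resource("cand-2", "org-b")
    print(is_authorised(alice, "edit_candidate", cand_a))   # True
    print(is_authorised(alice, "view_candidate", cand_b))   # False: other organisation
    print(is_authorised(alice, "manage_users", cand_a))     # False: admin-only action
```

Two design choices are worth noting: membership is checked before the role, so a user with an admin role in one company has no standing at all in another; and an unrecognised action or role name evaluates to a denial rather than being ignored.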




SSL & TLS Encryption

Refari is committed to maintaining secure communication channels for all users and clients by enforcing strong encryption standards across the platform and integration points.


Widget and Platform Security

All Refari widgets are designed to be embedded only on websites that have valid SSL certificates. This ensures that candidate and client interactions, including login sessions and application submissions, are securely transmitted over HTTPS. This is particularly important for ensuring secure Single Sign-On (SSO) authentication.


API Communication and Data Transport

All data exchanged between Refari’s frontend, backend, and connected services is encrypted in transit using HTTPS secured by SSL and TLS protocols. Specifically:

  • SSL (Secure Sockets Layer) is used to support legacy compatibility.

  • TLS (Transport Layer Security) is applied to all current connections between Refari's infrastructure, API endpoints, and databases.


This encryption ensures that transmitted data cannot be intercepted or tampered with by unauthorised parties.


Application-Level Protections

Beyond transport-level encryption, Refari also enforces application-layer security measures. These include:

  • Protection against SQL injection through the use of parameterised queries and strict input validation

  • Regular reviews of API access patterns and endpoint configurations

These controls are part of a broader security framework that protects user data and ensures platform resilience.
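The vulnerable query beside its hardened form, as an added example that is not Refari's code: it uses Python's built-in sqlite3 module with a constructed in-memory candidates table, and the email validation rule is an assumption made for this example. The hardened lookup applies both controls named above, strict input validation first and then a parameterised query, so the input is never interpreted as SQL:

```python
import re
import sqlite3

# Constructed sample data for the example.
SAMPLE_ROWS = [
    (1, "alice@example.com", "Alice", "org-a"),
    (2, "bob@example.com", "Bob", "org-b"),
]

# Assumed validation rule: a conservative email syntax check.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE candidates (id INTEGER, email TEXT, name TEXT, org TEXT)")
    conn.executemany("INSERT INTO candidates VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def validate_email(email: str) -> bool:
    """Strict input validation: reject anything that is not a plain address."""
    return EMAIL_RE.fullmatch(email) is not None


def find_by_email_vulnerable(conn, email: str) -> list:
    # VULNERABLE: user input is concatenated into the SQL text, so a crafted
    # value changes the query's logic instead of being treated as data.
    sql = f"SELECT name FROM candidates WHERE email = '{email}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def find_by_email_parameterised(conn, email: str) -> list:
    # Parameterised query: the driver binds the value; it can never alter the SQL.
    rows = conn.execute(
        "SELECT name FROM candidates WHERE email = ? ORDER BY name", (email,)
    )
    return [row[0] for row in rows]


def find_by_email_safe(conn, email: str) -> list:
    # Hardened lookup: validate the input first, then use the bound parameter.
    if not validate_email(email):
        raise ValueError("invalid email address")
    return find_by_email_parameterised(conn, email)


if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"
    print(find_by_email_vulnerable(conn, crafted))      # every row leaks
    print(find_by_email_parameterised(conn, crafted))   # [] : treated as a literal
    print(find_by_email_safe(conn, "alice@example.com"))  # ['Alice']
```

Running the block shows the contrast directly: the concatenated query returns every candidate for the crafted input, whereas the parameterised query returns nothing because the same string is compared as a literal value, and the validated path rejects it before a query is even issued.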




Data Storage and Encryption

Encryption at Rest: All data stored by Refari — including database contents, backups, and snapshots — is encrypted using the Advanced Encryption Standard (AES) with 256-bit keys (AES-256). This encryption is enforced through Amazon RDS, which provides transparent encryption at the storage layer.

Encryption covers:

  • Primary database storage

  • Automated backups

  • Database snapshots

  • Read replicas (if used)

This means that even in the unlikely event of a storage compromise, the data remains inaccessible without decryption keys.


Encryption in Transit

Data transmitted between users and the Refari platform is encrypted using TLS (Transport Layer Security) protocols. This ensures that all communication — including login sessions, API calls, and form submissions — is secured against interception or tampering.


Key Management

Refari leverages the AWS Key Management Service (KMS) for encryption key management. Keys are either:

  • AWS-managed keys, which are automatically created and rotated by AWS, or

  • Customer-managed keys, where applicable, offering additional control over permissions, usage policies, and audit trails.

Encryption keys are never hardcoded or exposed in application logic. Access to key material is tightly controlled and logged within the KMS.


Information provided by AWS.

Data is stored in the AWS Sydney data centre, region ‘Asia Pacific (Sydney)’ (ap-southeast-2). AWS data centre security can be assessed here.




Secure Hosting

The Refari application is hosted on AWS Cloud. AWS security entails data encryption at rest and in transit, hardware security modules and comprehensive physical security, all of which contribute to a secure cloud system.

The AWS cloud platform provides us with the capability to control, audit and manage identity, configure usage, and meet our government and private clients’ compliance, governance and regulatory requirements.



Disaster Recovery

Refari maintains a structured disaster recovery plan to ensure platform resilience, business continuity, and the protection of client data in the event of unexpected disruptions. All production data is securely backed up on a daily schedule using automated snapshots, with additional manual backups taken ahead of significant platform changes. In the event of an incident, Refari’s engineering team is equipped to rapidly restore services using the latest backups and redeploy core systems using version-controlled code stored in GitLab. 

These recovery processes are regularly reviewed and supported by tested rollback procedures, allowing us to respond swiftly and confidently to infrastructure issues, code-level faults, or service interruptions. Our approach prioritises both data integrity and minimal downtime, helping to ensure a reliable and consistent experience for our clients.



Management of Payment Information

In accordance with our payment gateway’s best practice, we do not store full payment details on our Refari servers. This data is transmitted over SSL to Stripe.com for storage and management. Stripe’s data security information can be found here.




Internal Multi-Factor Authentication & Access Restrictions

Refari enforces strong internal security practices to protect core infrastructure and sensitive operational systems. All team members are required to follow a strict password policy, and access to key services is further protected through the mandatory use of Multi-Factor Authentication (MFA).

MFA is required across all critical environments, including cloud infrastructure, email delivery platforms, and source code repositories. These authentication controls help ensure that access is only granted to verified individuals using secure, authenticated devices.

In addition to authentication requirements, access to production systems such as databases and communication tools is tightly restricted based on role and necessity. Only authorised personnel are granted access to these systems, and privileges are limited to the minimum level required to perform their responsibilities.

This layered security approach helps minimise the risk of unauthorised access and ensures the integrity of customer data and platform services.





Refari Sign-In Multi-Factor Authentication (Available on Request)

Refari enforces a strict password policy to ensure secure account access. In addition to this, clients have the option to request Multi-Factor Authentication (MFA) to further enhance the security of their users' accounts.

MFA can be configured in two ways:

  • User-Level MFA: Allows individual users to enable MFA for their own accounts based on personal preference or security requirements.

  • Organisation-Level MFA Policy: Enables administrators within a client organisation to enforce MFA across all users, ensuring consistent protection across their team.


This optional feature provides an additional layer of security for clients who require more rigorous authentication controls.


Need more information?

If you want more information about our Data Security, you can email support@refari.co to submit a request. As an additional security measure, we do not take meetings to discuss our data security. This is to prevent unvetted information leakage and to prevent malicious actors from using social engineering techniques to gather information in an attempt to find potential vulnerabilities.
