Physical security
Recraft does not operate its own data centers but relies on trusted cloud providers. These providers enforce biometric access, 24/7 monitoring, and escorted visitor access. No Recraft employee or vendor has direct physical access to the servers. A full list of our cloud providers is available on our subprocessors list.

System security
Our systems are protected by role-based access controls (RBAC), ensuring that employees can only access the data necessary for their work. We conduct regular vulnerability scans, penetration testing, and continuous monitoring to identify and mitigate risks.

Disaster recovery
Recraft maintains a Disaster Recovery Plan. In the event of a disruption, systems can be restored within 24 hours using automated failover procedures and alternate cloud regions. A post-incident review is conducted within five business days to identify root causes and strengthen defenses.

Backups
Daily backups are stored in Azure Postgres databases with regional replication and end-to-end encryption. Source code is kept in GitHub and mirrored to Azure to ensure recovery in the event of failure.

Authentication and access
Recraft uses a passwordless login system for maximum security and convenience. Authentication relies on email one-time passcodes or federated logins with Google, Discord, or Apple, removing risks associated with password theft or brute-force attacks.

FAQ
Q: How secure is my data?
A: All data is encrypted in transit and at rest, monitored for unauthorized access, and supported by SOC 2–audited processes.

Q: What happens if there is a service disruption?
A: Disaster recovery procedures are designed to restore operations within 24 hours.

Q: How secure is login to Recraft?
A: Recraft’s passwordless authentication removes the risks associated with traditional passwords.