Skip to main content

Security

Last updated: [DATE PENDING]DRAFT — pending technical and legal review

Reinven Technologies operates inside customer enterprise environments where data sensitivity, regulatory exposure, and operational risk are high. Our security posture is built around three principles: protect customer data, build compliant systems, and earn audit-grade trust. This page describes the controls and practices that support those commitments.

Data protection

Encryption in transit. All data transmitted between Reinven systems and customer environments uses TLS 1.2 or higher. The reinven.com website is served exclusively over HTTPS with HSTS enabled.

Encryption at rest. Customer data stored within Reinven-managed systems is encrypted at rest using industry-standard algorithms (AES-256 or equivalent). Where engagement work uses customer cloud environments, we adopt the encryption posture defined by the customer.

Minimum data collection. We collect the minimum customer data necessary to deliver an engagement. Personal data not required is not exported from customer systems.

Access controls

Role-based access controls restrict customer data access to the engagement team. Multi-factor authentication is required for all Reinven employee accounts that touch customer environments. Access is revoked promptly at engagement end and on personnel changes.

Engagement infrastructure

Where engagements involve building production infrastructure in customer environments, we adopt the customer's existing security baseline (cloud security controls, identity provider, audit logging, etc.). Where Reinven hosts engagement assets (project workspaces, documentation), we use SOC 2-compliant providers with appropriate data residency.

Compliance

Phase 2 Delivery engagements include explicit compliance infrastructure as a named deliverable: encryption, access controls, audit trails, data subject request handling, and right-to-be-forgotten workflows. We are fluent in PDPA Singapore, PDPA Malaysia, PDPA Thailand, Indonesia data residency requirements, and Vietnam cybersecurity rules.

Incident response

If a security incident affects customer data, we follow a defined incident response process: containment, investigation, customer notification, post-incident review. Notification to affected customers and relevant regulators is made in accordance with applicable law (typically within 72 hours of confirmation).

Personnel

All Reinven employees and contractors are subject to confidentiality obligations under their engagement agreements. Background checks are performed where appropriate and as customer engagement context requires. Annual security awareness training is required for all personnel.

Subprocessors

We engage a small set of subprocessors for hosting, communications, and infrastructure (such as Netlify for website hosting, common cloud productivity providers). Where engagement work requires additional subprocessors, the customer is informed and consent is obtained.

Vulnerability disclosure

If you believe you have identified a security vulnerability in reinven.com or in a system Reinven operates, contact us at hello@reinven.com with subject line "Security Disclosure". We commit to acknowledging within 5 business days and working in good faith to address validated issues.

Contact

For all security enquiries: hello@reinven.com. Postal: Reinven Technologies Pte Ltd, 22 Sin Ming Lane #06-76 Midview City, Singapore 573969.

This draft describes the intended security posture and requires technical review and ratification by the Reinven engineering and operations leadership, and legal review for the incident response and notification commitments, before publication.