Security & Trust
1. Our Commitment to Data Integrity
Rembeo is built on the principles of transparency, privacy, and system integrity. As a market intelligence and comparison tool, we prioritize the protection of our users and the reliability of the information we provide.
Positioning: Rembeo is designed to align with the principles of SOC 2 (Security, Availability, and Privacy) without claiming formal certification.
2. Encryption & Secure Communications
- HTTPS/TLS: All data transmitted between your device and Rembeo services is encrypted using industry-standard TLS/SSL.
- Secure links: External retailer links open directly to the retailer’s platform via secure protocols.
- No client secrets: Sensitive credentials are not embedded in the client application, so that reverse-engineering the client does not expose them.
3. Privacy-by-Design (Data Minimisation)
We limit data collection to what is strictly needed to operate the service.
- No passwords stored: Rembeo uses passwordless login via time-limited verification codes sent to your registered email.
- No payments processed: Rembeo does not process, store, or have access to your payment information.
- External pricing: For many items, pricing and availability are verified directly on the retailer's platform to ensure accuracy.
- No advertising profiles: We do not engage in cross-site tracking or build behavioral advertising profiles.
4. System Integrity & Access Controls
- Least privilege: Access to backend systems is restricted to authorized personnel only.
- Change control: All code changes are managed through version control systems and peer-reviewed deployments.
- Environment separation: Development, testing, and production environments are strictly separated to mitigate risk.
5. Security Monitoring & Abuse Prevention
We apply purpose-driven monitoring to protect the service from malicious activity and maintain high availability.
- Rate limiting: Requests are monitored and may be restricted to prevent denial-of-service attacks.
- Minimal logging: We keep limited logs for security auditing (e.g., timestamps and basic request metadata), which are rotated regularly.
- No user profiling: System logs are strictly technical and are never used for marketing or commercial profiling.
6. Retailer Compliance & Transparency
Rembeo maintains a clear separation between internal data results and external retailer links to ensure transparency and respect platform requirements.
- Direct referrals: When viewing specific retailer items, Rembeo facilitates a direct connection to the retailer's official platform.
- Clear disclosure: We provide clear markers for referral links and maintain compliance with general digital marketing standards.
7. Security Contact
If you believe you’ve found a security vulnerability or have questions about our infrastructure, contact: inquiries@rembeo.com