Security is a foundation, not a feature
Support conversations contain sensitive customer data. Here is how SupportWize is built to protect it — described honestly, in terms of the measures we actually implement.
Encryption of secrets at rest
Channel tokens and other sensitive credentials are encrypted at rest using AES-256-GCM.
Strong authentication
JWT-based authentication with passwords hashed using Argon2id — a modern, memory-hard algorithm.
Role-based access control
Owner, Admin and Agent roles enforce least-privilege access to features and data.
Webhook signature verification
Incoming WhatsApp webhooks are verified with HMAC-SHA256 signatures so only authentic events are processed.
Per-tenant data isolation
Each workspace is isolated as its own tenant, so one organization can never access another’s data.
Audit logging
Sensitive administrative actions are recorded in an audit log for accountability and review.
Rate limiting
API rate limiting helps protect the platform against abuse and brute-force attempts.
Encryption in transit
All traffic runs over HTTPS, and real-time connections use secure WebSockets (WSS).
A note on certifications
SupportWize is a new product from SimpliRide. We describe the security measures we build into the platform rather than certifications we do not yet hold. As we grow, we intend to invest further in formal compliance. If you have specific security requirements, we would be glad to discuss them.
Have a security question or want to report a concern? Reach us at [email protected].
Support your customers with confidence
Get started free, or talk to us about your team’s security needs.