Our approach to security

Security is a foundation, not a feature

Support conversations contain sensitive customer data. Here is how SupportWize is built to protect it — described honestly, in terms of the measures we actually implement.

Encryption of secrets at rest

Channel tokens and other sensitive credentials are encrypted at rest using AES-256-GCM.

Strong authentication

JWT-based authentication with passwords hashed using Argon2id — a modern, memory-hard algorithm.

Role-based access control

Owner, Admin and Agent roles enforce least-privilege access to features and data.

Webhook signature verification

Incoming WhatsApp webhooks are verified with HMAC-SHA256 signatures so only authentic events are processed.

Per-tenant data isolation

Each workspace is isolated as its own tenant, so one organization can never access another’s data.

Audit logging

Sensitive administrative actions are recorded in an audit log for accountability and review.

Rate limiting

API rate limiting helps protect the platform against abuse and brute-force attempts.

Encryption in transit

All traffic runs over HTTPS, and real-time connections use secure WebSockets (WSS).

A note on certifications

SupportWize is a new product from SimpliRide. We describe the security measures we build into the platform rather than certifications we do not yet hold. As we grow, we intend to invest further in formal compliance. If you have specific security requirements, we would be glad to discuss them.

Have a security question or want to report a concern? Reach us at [email protected].

Support your customers with confidence

Get started free, or talk to us about your team’s security needs.