Security at reCore
ITAD operations handle sensitive data and regulated assets. We treat security and compliance as core infrastructure, not afterthoughts.
Encryption in transit and at rest
All HTTP and WebSocket connections use TLS 1.2+. Database storage is encrypted at the volume level. Session tokens are hashed before storage.
Session-based authentication
Short-lived session tokens with server-side validation. No long-lived JWTs. Tokens are invalidated on logout and expire automatically.
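The session handling described above (opaque tokens hashed before storage, validated server-side, expiring automatically and invalidated on logout) can be sketched as follows. This is an added illustration, not reCore's code: the SessionStore class, its in-memory table, and the 15-minute lifetime are assumptions.

```python
import hashlib
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60  # assumed lifetime; the page only says "short-lived"


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._rows = {}  # sha256(token) hex -> (user_id, tenant_id, expires_at)

    @staticmethod
    def _digest(token):
        # Tokens are 256-bit random values, so a fast unsalted hash suffices:
        # unlike a password, there is no low-entropy secret to brute-force.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, user_id, tenant_id):
        token = secrets.token_urlsafe(32)  # handed to the client once, never stored
        expires_at = self._clock() + self._ttl
        self._rows[self._digest(token)] = (user_id, tenant_id, expires_at)
        return token

    def validate(self, token):
        """Return (user_id, tenant_id) for a live session, else None."""
        digest = self._digest(token)
        row = self._rows.get(digest)
        if row is None:
            return None  # unknown, forged, or already logged out
        user_id, tenant_id, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[digest]  # expired rows are purged on sight
            return None
        return user_id, tenant_id

    def logout(self, token):
        """Invalidate immediately; True if a session was actually removed."""
        return self._rows.pop(self._digest(token), None) is not None

    def stored_keys(self):
        """What a database dump would reveal: digests only, no usable tokens."""
        return list(self._rows)
```

Because only digests are stored, a leaked session table cannot be replayed as bearer tokens, and revocation takes effect on the next request instead of waiting for a signed token to expire.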
Multi-tenant data isolation
Every database query is scoped to the authenticated tenant. Cross-tenant data access is blocked at the ORM layer, not just the API.
Audit trails
Immutable billing event ledger with database constraints. Certificate verification tracks operator, verifier, and timestamps for chain-of-custody compliance.
Infrastructure security
Containerized deployment with isolated networks. PostgreSQL connections restricted to internal Docker network. Redis not exposed externally.
NIST SP 800-88 Rev 2 compliance
Wipe certificates include SHA-256 file integrity hashes. Separation of duties enforced -- the verifier cannot be the operator. Full chain-of-custody metadata.
Standards and certifications
- NIST SP 800-88 Rev 2 -- Media Sanitization Guidelines
- R2 (Responsible Recycling) certification support
- e-Stewards certification support
- SOC 2 Type II controls alignment (in progress)
Responsible disclosure
Found a vulnerability? We appreciate responsible disclosure. Please email our security team directly and we will respond within 48 hours.