Security matters to us

A light blue circle with the words "SOC" on it in white.The text "GDPR" inside the European Union logo

At Refuel, maintaining data security and privacy for our customers is a top priority.

We use enterprise-grade security, undergo regular audits and are compliant with SOC 2 and GDPR to ensure you’re always protected. We undergo regular penetration testing and security reviews, and the commitment to security is ingrained in our culture. 

If you have questions about our security practices or programs, please email us at

Application security

A lock icon

Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.

An icon of a shield with a checkmark on it

Third-party penetration, threat, and vulnerability testing.

An icon of a user with a caution symbol

Well-defined incident detection and response programs.

An icon of a user with a checkmark

User access controls with single sign-on.

An icon of a key in a cloud

Refuel's cloud environments are backed by AWS' security measures.

An icon of a checkmark on a mechanical gear

Role-based account access workflows. Approach customer data with the principle of least privilege.

Committed to continuous security

Penetration Testing

We perform a third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.

Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

Third-Party Audits

Our organization undergoes independent third-party assessments to test our security controls, such as SOC 2.

Roles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customer’s data are well defined and documented.

Information Security Program

We have an information security program in place that is communicated throughout the organization.

Continuous Monitoring

We continuously monitor our security and compliance status to ensure there are no lapses.