Security & Trust

Your data security is our top priority.

Infrastructure Security

Riven AI runs on AWS (us-east-1) with enterprise-grade infrastructure security. Our architecture uses VPC isolation with private subnets, ensuring that internal services are never directly exposed to the public internet. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Our Kubernetes clusters run on Amazon EKS with hardened node configurations and automatic security patching.

Authentication & Access Control

We use Better Auth for identity management with support for role-based access control (RBAC), API key authentication, and two-factor authentication (TOTP). All API requests are authenticated using JWT/JWKS tokens with short-lived expiration windows. Session management is handled server-side with secure, HTTP-only cookies. Fine-grained authorization is enforced using the Zanzibar authorization model.

Data Protection

All customer data is encrypted at rest and in transit. We perform regular automated backups with point-in-time recovery capabilities. All data is stored and processed in the United States (us-east-1 region). Upon account deletion, we retain your data for 30 days to allow for recovery, after which it is permanently and irrecoverably deleted.

Audit & Monitoring

Riven AI maintains comprehensive audit logging for all platform actions, including authentication events, data access, configuration changes, and administrative operations. Our observability stack includes Prometheus for metrics, Grafana for dashboards, Loki for log aggregation, and Jaeger for distributed tracing. Real-time alerting is configured for security-relevant events and anomalous behavior.

Compliance

Riven AI is committed to meeting industry-standard compliance requirements:

  • SOC 2 Type II — Continuous monitoring of security controls
  • GDPR — Full compliance with EU data protection regulations
  • ISO 27001 — Information security management system certification
  • CCPA — California Consumer Privacy Act compliance

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue in our platform, please report it responsibly by emailing galgil39@gmail.com with the subject line "Security Vulnerability Report." We will acknowledge receipt within 24 hours and work with you to understand and address the issue. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to respond and remediate.

For more information, see our Privacy Policy and Terms of Service.