Security
Last updated: April 2026
Rivyt is built to handle sensitive operational knowledge from manufacturing plants. We take security seriously and design the system with privacy and data isolation in mind.
Infrastructure
Rivyt runs on hardened cloud infrastructure operated by SOC 2 compliant vendors:
- Railway: backend application hosting with automatic TLS, private networking, and environment isolation
- Vercel: frontend hosting with global CDN and automatic SSL
- Supabase: authentication, relational database, and file storage, with row-level security enforced at the database layer
- Pinecone: vector database with per-workspace namespace isolation
- Cloudflare: DNS and DDoS protection
Data Isolation
Every workspace gets its own isolated namespace in our vector database. No query from one customer can surface content from another customer's documents. Row-level security in our database layer enforces this isolation at every read and write.
Encryption
- In transit: All traffic is encrypted with TLS 1.2 or higher
- At rest: Database and file storage are encrypted at rest via Supabase's managed encryption
- Authentication tokens: JWT-based with short expiration windows
Access Control
- Five-level role-based access control: owner, admin, workspace admin, member, viewer
- Per-workspace permissions: users only see what they've been granted access to
- Audit logging: sensitive actions (uploads, deletions, permission changes) are logged
Authentication
- Email and password authentication with strong password requirements
- Account lockout after repeated failed attempts
- Password reset flows via verified email
AI Model Handling
- Your uploaded documents are NEVER used to train general-purpose AI models
- Queries and retrieved content are sent to Anthropic's Claude API for inference only; Anthropic does not retain or train on this content per their API terms
- Embedding generation uses Voyage AI under similar non-training terms
Incident Response
In the event of a security incident affecting your data, we will notify you without undue delay (target: within 72 hours of confirmation) with:
- Nature of the incident
- Data affected
- Steps we are taking to mitigate
- Recommended actions on your part
Compliance Roadmap
Rivyt is in pilot phase. We are actively working toward SOC 2 Type II certification. Existing controls are designed around SOC 2 principles and will be formalized through external audit as we scale.
Responsible Disclosure
If you discover a security vulnerability, email security@getrivyt.com. We commit to acknowledging reports within 48 hours and working with researchers in good faith.