Security
How we protect your data and your AI employees.
RIRD handles sensitive business data on behalf of your AI employees -- messages from customers, browsing activity, and workflow outputs. We take practical steps to keep this data secure without overpromising. Here is exactly what we do.
Encryption
- All traffic encrypted via TLS 1.2+ (HTTPS everywhere)
- Database connections encrypted in transit
- API keys and secrets stored as environment variables, never in code
- Stripe handles all payment data -- we never see or store card numbers
Authentication
- Magic link email authentication (no passwords to leak)
- License key validation for desktop agents with device fingerprinting
- API keys for programmatic access with rate limiting
- Session tokens with automatic expiration
Infrastructure
- Cloud-hosted on hardened Linux servers
- Firewall rules restrict access to necessary ports only
- Internal services (AI gateway, database) bound to loopback -- not exposed to the internet
- Automated process management with health checks and auto-restart
AI and Data Handling
- AI conversations are scoped per employee -- no cross-contamination between accounts
- We do not use your data to train AI models
- Browser automation runs in isolated sessions
- Webhook payloads validated and rate-limited per channel
Payment Security
- All payments processed by Stripe (PCI DSS Level 1 certified)
- We never store, process, or transmit credit card data
- Subscription management handled entirely through Stripe's secure portal
Transparency
We are a small, focused team. We do not hold SOC 2, ISO 27001, or other formal certifications at this time. We follow industry best practices for web application security and continuously improve our posture. If you have specific security requirements, contact us and we will work with you directly.