Application Security
We follow industry standards, such as the OWASP Top 10 and best practices for our technology stack, to build security into our platform during development and testing. In addition, Rithum engages with third-party security experts to perform manual web application and network penetration testing on a regular basis. Rithum clients are prevented from accessing the data of other clients through a robust application security model, which is reapplied with every request and enforced for the duration of a user session.
Data Protection & Privacy
To assist companies in selling and advertising their products online, Rithum may collect personal data on our customers’ behalf. We maintain technical and organizational processes and protections for personal data in compliance with the regulatory regimes under which Rithum operates, including the EU’s General Data Protection Regulation and the California Consumer Privacy Act. Personal data is retained only as long as needed to perform our contractual obligations, or for other legitimate business reasons.
Availability
Rithum’s continuous delivery approach to application development means we can deliver changes and upgrades to our applications without impact to availability. Rithum uses a suite of monitoring tools to monitor the availability of its services and provide real-time alerting to our teams in the event a service becomes unavailable. In addition, we monitor systems for resource utilization to avoid negative impacts on service availability.
Access Control
Rithum allows customers to create unique, individual logins and manage the access level for each individual user in their organization. Customers define roles and groups, giving them the ability to enforce role-based access controls to specific modules in our system.
Data Encryption
Rithum encrypts all personal data in transit and at rest. Rithum uses industry-accepted secure protocols and encrypts data at rest with AES 256-bit encryption.
Security & Privacy Training
All Rithum employees receive security and data privacy training on an annual basis.
Vulnerability Management
Rithum keeps up to date on any breaking security alerts, software and system patches, and other relevant updates via the CERT/CC industry alert subscription list and repository. Rithum also monitors security alerts from vendors and partners. The necessary updates or patches are applied to the system with priority based on the severity of the issue.
Physical Security
Rithum’s production servers are located in a data center co-location and in cloud service provider environments. The facilities have relevant industry certifications and provide state-of-the-art network operations centers, advanced security and monitoring systems, sophisticated fire suppression systems and redundant utility transformers, generators, automatic transfer switches, main switch panels, and uninterruptible power supplies.
Perimeter Defense
Rithum’s team has installed redundant firewalls and intrusion detection systems to monitor and protect the network perimeter. System servers and firewall log files are continuously scanned and monitored by automatic applications that record performance and availability.
Operating Systems and Subsystems
Rithum protects its operating systems by using a minimal number of access points to all production servers and enforcing strong authentication and authorization for access. Operating systems are strengthened by continuous maintenance, including updating patch levels for security, and disabling and removing unnecessary users, protocols, and processes.
Compliance and Attestations
Cloud Security Alliance
AICPA SOC
Security and Data Privacy Standards
GDPR
Rithum has taken all necessary steps and maintained processes and protections for personal data in compliance with the General Data Protection Regulation of the European Union (“GDPR”). For information on how Rithum complies with the GDPR, please visit the FAQs page below.
View GDPR FAQs
CCPA
Rithum does not sell personal data and our data handling practices comply with the California Consumer Privacy Act (“CCPA”). For information on how Rithum complies with the CCPA, please visit the FAQs page below.
View CCPA FAQs