Skip to content

Security and Privacy at Ritual

At Ritual, we take the security and privacy of your data seriously. This document outlines our comprehensive approach to protecting your information and ensuring the integrity of our platform.

Data Security

  • Event Monitoring and Logging
    We enable comprehensive logging on all critical systems, capturing events such as authentication attempts, application access, administrator actions, and system changes. A cloud-based monitoring and log management service provides centralized log ingestion, analysis, and automated alerting, allowing us to:

    • Collect logs from across our infrastructure
    • Set custom metrics and alarms based on log patterns or thresholds
    • Create real-time dashboards for system health and security events
    • Configure alerts to notify our security team of potential issues
    • Perform log analysis to identify trends or anomalies

    This approach helps us maintain visibility into our systems’ security status, quickly detect potential incidents, and respond promptly.

  • Backups & Disaster Recovery
    Our infrastructure is designed for high durability and availability. We perform automated daily backups of all customer and system data, which are encrypted and monitored. Periodic restore tests ensure our disaster recovery processes remain reliable. If needed, we can scale to additional regions or data centers to maintain service continuity.

  • Data Erasure
    As the controller of your data, you may request data deletion or perform self-service deletion, subject to any legal or regulatory retention requirements. We strive to process deletion requests within a clearly defined timeframe, ensuring timely removal of the requested data.

  • Encryption

    • At Rest: Customer data is encrypted using AES-256 in our cloud storage, databases, and backups.
    • In Transit: All data is encrypted using TLS 1.2 or higher when transferred between systems or over the internet.
    • Key Management: We use a secure key management solution to generate, store, and rotate encryption keys.

  • Physical Security
    We rely on leading cloud service providers for infrastructure hosting and physical security controls. These providers adhere to industry-recognized certifications and standards (e.g., ISO 27001, SOC 2) for data center operations.

Application Security

  • Code Analysis
    Our security and development teams conduct threat modeling, secure design reviews, code audits, and regular security scans on new releases and updates. We also leverage Infrastructure as Code (IaC) to ensure consistent, repeatable, and secure deployments.

  • Software Development Lifecycle (SDLC)
    We follow a defined SDLC that includes security reviews in the design phase, code audits, and post-launch vulnerability management. This process is continually refined to align with SOC 2 best practices.

  • Credential Management
    We use a third-party Key Management Service (KMS) for secure key generation, storage, access control, and rotation. No secrets or credentials are stored in code repositories, and access follows the principle of least privilege.

  • Vulnerability & Patch Management
    We perform regular vulnerability scanning and package monitoring, prioritizing and resolving issues based on severity. Critical patches are applied promptly to minimize exposure to known threats.

Access Control

  • Data Access
    We adhere to the principle of Least Privilege, granting access strictly based on job function and business requirements. Access privileges are reviewed periodically to ensure they remain appropriate.

  • Logging
    Our logging solution integrates with our event monitoring setup, providing automated logging and alerting for critical systems. This helps detect suspicious activity and maintain audit trails.

  • Password Security
    We enforce stringent password management policies and require multi-factor authentication (MFA) wherever possible to reduce unauthorized access risks.

Infrastructure Security

  • Anti-DDoS
    We use third-party solutions and cloud-native tools to protect against Distributed Denial-of-Service (DDoS) attacks, helping maintain service availability.

  • Data Center
    Our platform runs in secured, redundant data center environments managed by our hosting providers. These facilities implement robust physical security and environmental controls.

  • High Availability & Separate Environments
    We maintain separate development, testing, and production environments to prevent inadvertent data exposure. Our production environment is designed for high availability and can scale to additional regions if required.

Product Security Features

  • Domain Management
    Workspace owners can claim ownership over email domains, providing added control through domain management settings.

  • SAML Single Sign-On (SSO)
    Available for Business and Enterprise customers, enabling centralized identity management and streamlined user access.

  • Audit Log
    Workspace owners have access to detailed logs about key security- and safety-related activities, aiding in oversight and compliance.

  • Multi-Factor Authentication (MFA)
    Offered on all plan types for added account protection and reduced unauthorized access risk.

  • Permission Management
    Granular control over user permissions and content access ensures individuals only see and modify what they are authorized to.

  • Teamspace Management
    Tools for workspace owners to manage and adjust teamspace settings, enabling flexible collaboration controls.

Last updated: July 4, 2024