Security and Privacy at Ritual

At Ritual, we take the security and privacy of customer data seriously. This page provides an overview of the controls, deployment options, and product capabilities we use to help customers meet their security and compliance requirements.

Deployment Models

Ritual supports three deployment models built on the same core application:

  • Shared SaaS — Ritual hosts and operates the platform in a managed multi-tenant environment.
  • Private Cloud — Ritual is deployed into dedicated customer-controlled infrastructure, typically within your cloud environment or VPC.
  • Air-Gapped — The full Ritual stack, including AI components, runs inside your controlled environment with no required external network egress.

Some controls apply across all deployment models, while others depend on whether Ritual or the customer operates the underlying infrastructure.

Data Security

  • Encryption
    Ritual enforces encryption in transit using TLS and encryption at rest for persisted customer data, including databases, object storage, backups, and other platform-managed data stores where applicable.

  • Key Management
    For customer-hosted deployments, Ritual can support customer-controlled key management patterns, including BYOK, where required. Exact key management options depend on the selected deployment model and customer environment.

  • Event Monitoring and Logging
    Ritual maintains logging and monitoring for critical systems to support security visibility, incident response, reliability, and auditability. The exact logging architecture depends on the selected deployment model and operational boundary.

  • Backups & Disaster Recovery
    In Ritual-hosted environments, customer and system data is backed up using encrypted, monitored backup processes designed to support durability and recovery. Backup design, restore testing, and recovery objectives vary based on deployment model, infrastructure scope, and customer requirements.

  • Data Erasure
    Customers may request deletion of their data or perform self-service deletion where supported, subject to applicable legal, regulatory, or contractual retention requirements.

  • Physical Security
    Ritual relies on leading infrastructure providers and customer-controlled environments, as applicable, for physical data center security. These environments generally align to industry-recognized operational and security standards.

Application Security

  • Secure Development Practices
    Ritual’s security and development teams use security review processes that may include threat modeling, secure design review, code review, and release validation.

  • Software Development Lifecycle (SDLC)
    Ritual follows a defined software development lifecycle that incorporates security considerations throughout design, development, deployment, and post-release maintenance.

  • Credential & Secret Management
    Ritual uses managed systems and operational controls to protect secrets, credentials, and encryption material. Access is limited based on least privilege principles, and sensitive material is not stored in source code repositories.

  • Vulnerability & Patch Management
    Ritual performs vulnerability scanning, package monitoring, and remediation prioritization based on risk and severity. Patching and upgrade practices differ appropriately between Ritual-hosted and customer-hosted deployments.

Identity & Access Control

  • Enterprise Authentication
    Ritual integrates with enterprise identity systems using standards such as SAML 2.0 and OpenID Connect (OIDC). End-user authentication is typically federated through the customer’s existing Identity Provider.

  • Least Privilege Access
    Ritual follows least privilege principles for administrative and operational access. Customer-facing permission controls help ensure users only access the data and actions they are authorized to use.

  • Auditability
    Ritual maintains audit-relevant logs and product-level activity visibility to support oversight, investigation, and operational review, subject to deployment model and plan capabilities.

  • Multi-Factor Authentication (MFA)
    MFA can be used to strengthen account protection and reduce unauthorized access risk.

Infrastructure Security

  • Network & Availability Protections
    Ritual uses a combination of cloud-native controls, provider capabilities, and architectural safeguards to support service availability and resilience, including protection against common network-layer threats such as DDoS attacks where applicable.

  • Environment Separation
    Ritual maintains separation between development, testing, and production environments where applicable. Customer-hosted deployments can also be promoted through customer-controlled staging and production workflows.

  • High Availability
    High availability and recovery design depend on deployment model, selected infrastructure footprint, and customer requirements.

Product Security Features

  • SAML Single Sign-On (SSO)
    Available on supported plans to enable centralized identity and access management.

  • Audit Log
    Supported plans may include audit log visibility for key security- and safety-related activities.

  • Permission Management
    Granular controls help ensure individuals only see and modify the content they are authorized to access.

  • Domain Management
    Workspace owners can claim ownership of email domains to improve administrative control.

  • Workspace & Team Management
    Administrative controls help workspace owners manage access, structure, and collaboration settings.

AI Security & Privacy

Ritual AI is designed with an enterprise default posture: customer data is not used to train shared foundation models or third-party AI services serving other customers.

For customers requiring greater control, Ritual can support deployment and model strategies that align with Private Cloud or Air-Gapped environments, including more restrictive data handling and customer-controlled AI boundaries.

For more detail, see the Ritual AI Security & Privacy Practices page.

Last updated: March 9, 2026