We follow industry standards, such as the OWASP Top 10 and best practices for our technology stack, to build security into our platform during development and testing. In addition, Rithum engages with third-party security experts to perform manual web application and network penetration testing on a regular basis. Rithum clients are prevented from accessing the data of other clients through a robust application security model, which is reapplied with every request and enforced for the duration of a user session.
Data Protection & Privacy
To assist companies in selling and advertising their products online, Rithum may collect personal data on our customers’ behalf. We maintain technical and organizational processes and protections for personal data in compliance with the regulatory regimes under which Rithum operates, including the EU’s General Data Protection Regulation and the California Consumer Privacy Act. Personal data is retained only as long as needed to perform our contractual obligations, or for other legitimate business reasons.
Rithum’s continuous delivery approach to application development means we can deliver changes and upgrades to our applications without impact to availability. Rithum uses a suite of monitoring tools to monitor the availability of its services and provide real-time alerting to our teams in the event a service becomes unavailable. In addition, we monitor systems for resource utilization to avoid negative impacts on service availability.
Rithum allows customers to create unique, individual logins and manage the access level for each individual user in their organization. Customers define roles and groups, giving them the ability to enforce role-based access controls to specific modules in our system.
Rithum encrypts all personal data in transit and at rest. Rithum uses industry-accepted secure protocols for data in transit and encrypts data at rest with AES 256-bit encryption.
Security & Privacy Training
All Rithum employees receive security and data privacy training on an annual basis.
Rithum keeps up to date on any breaking security alerts, software and system patches, and other relevant updates via the CERT/CC industry alert subscription list and repository. Rithum also monitors security alerts from vendors and partners. The necessary updates or patches are applied to the system with priority based on the severity of the issue.
Rithum’s production servers are located in a data center co-location and in cloud service provider environments. The facilities have relevant industry certifications and provide state-of-the-art network operations centers, advanced security and monitoring systems, sophisticated fire suppression systems and redundant utility transformers, generators, automatic transfer switches, main switch panels, and uninterruptible power supplies.
Rithum’s team has installed redundant firewalls and intrusion detection systems to monitor and protect the network perimeter. System servers and firewall log files are continuously scanned and monitored by automatic applications that record performance and availability.
Operating Systems and Subsystems
Rithum protects its operating systems by using a minimal number of access points to all production servers and enforcing strong authentication and authorization for access. Operating systems are strengthened by continuous maintenance, including updating patch levels for security, and disabling and removing unnecessary users, protocols, and processes.
Compliance and Attestations
Cloud Security Alliance
Privacy Shield Framework
Reporting a Security Vulnerability
At Rithum, we incorporate security into our development processes and strive to keep our platform secure. In line with this, we want to offer a path for reporting vulnerabilities identified in our public websites and products.