Security first
We take security seriously to protect your data and keep your experience safe and reliable. Our approach uses multiple layers of protection — much like a bank secures its money with safes, alarms, strict access controls, and monitoring.Encryption
Encryption at rest (stored data protection) Stored customer data — including the OAuth tokens that connect your ad accounts — is protected with AES-256 encryption, one of the strongest forms of digital security. Think of it like a high-security safe only authorized people can open. Encryption in transit (data moving protection) When data travels over the internet (logging in, sending a message, pulling a report), we encrypt it using TLS 1.3+. It’s like sending a letter in a locked, tamper-proof envelope instead of a postcard.Infrastructure protection
Daily backups We back up data every night, so if anything goes wrong we can restore it — a safety net. Firewalls and access control Security barriers filter traffic and block anything suspicious, like a checkpoint at an airport. DDoS protection We use industry-leading protection against attacks that try to flood our system with traffic. Network restrictions Customer data is processed in a secure, isolated environment with restricted access.Infrastructure & sub-processors
Ryze runs on enterprise-grade cloud infrastructure from leading providers that are independently audited and certified to international security standards (such as ISO 27001) and reviewed regularly by external auditors. We rely on a small, vetted set of sub-processors, each operating under strict data-protection agreements:- Cloud hosting & database — stores your account data and encrypted access tokens
- AI inference — powers the assistant and reporting you use through Claude
- Monitoring & error tracking — system health and security alerts
- Payments — billing; card details are handled by the payment processor and never stored by Ryze
Tenant isolation
Every customer’s data is isolated at the database level using row-level security. One customer’s data is never accessible to another — isolation is enforced by default, not by configuration.Monitoring and response
Automated security monitoring We use Sentry to continuously monitor system health. If anything unusual happens, our team is alerted immediately. Audit logs Every action is recorded — a clear record of who accessed what, when, and why. Incident response plan If something goes wrong, we follow a structured process to detect, analyze, and respond immediately.Access control
Role-based access control Users and administrators only get access to the data they need — nothing more. Credential management We use secure credential management to protect access keys, ensuring they’re encrypted and only accessible to authorized personnel. We never store your ad-platform passwords.Compliance & privacy
- GDPR and CCPA aligned — we handle personal data in line with major privacy regulations.
- Data Processing Agreement (DPA) — available on request for teams that need one before moving forward.
- Security documentation — available on request, covering data handling, access, and infrastructure.
- Regular security reviews — we review and update our systems on an ongoing basis.