Security & Trust

Trust, Built In
From the Start.

Rivergen is designed as a secure platform for data and AI operations, with protection, access control, and auditing wired into the core.

Identity, Access & MFA

Modern identity layer for teams and organizations

Organizations & Workspaces

Structure access by org, workspace, and role, so people only see what they should.

Single Sign-On (SSO)

Connect to your identity provider (SAML/OIDC) to manage access centrally.

API & Integration Access

OAuth applications and personal/organization tokens for programmatic access with clear ownership.

Role-Based Access

Granular permissions for every resource

Multi-Factor Authentication

Support for authenticator apps (TOTP), email OTP, and backup codes.
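How the TOTP and backup-code factors listed above fit together on the server side, as an added example in Go. This is not Rivergen's code; the persistence shape (`MFAState`), the SHA-256 hashing of backup codes and the ±1-step skew window are assumptions for the example. The secret in `main` is the RFC 6238 reference secret, not a real user's.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

const (
	totpStep   = 30 // seconds per step, the RFC 6238 default used by authenticator apps
	totpDigits = 6
)

// hotp computes the RFC 4226 HMAC-SHA1 one-time password for a counter value.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation, RFC 4226 section 5.3
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// MFAState is what the server persists per user (assumed layout): the shared
// TOTP secret, the highest time step already accepted (to reject replays),
// and the SHA-256 hashes of backup codes that are still unused.
type MFAState struct {
	Secret     []byte
	LastStep   uint64
	HasStep    bool
	BackupHash map[string]bool // hex(sha256(code)) -> still unused
}

// VerifyTOTP accepts the code for the current step or one step either side
// (clock skew), compares in constant time, and never accepts a step at or
// below the last accepted one, so a code seen in transit cannot be replayed.
func (m *MFAState) VerifyTOTP(code string, now time.Time) bool {
	current := uint64(now.Unix()) / totpStep
	for delta := int64(-1); delta <= 1; delta++ {
		if int64(current)+delta < 0 {
			continue
		}
		step := uint64(int64(current) + delta)
		if m.HasStep && step <= m.LastStep {
			continue
		}
		want := hotp(m.Secret, step, totpDigits)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			m.LastStep, m.HasStep = step, true
			return true
		}
	}
	return false
}

func hashBackupCode(code string) string {
	sum := sha256.Sum256([]byte(code))
	return hex.EncodeToString(sum[:])
}

// AddBackupCodes stores only hashes, so a database leak does not hand out
// working second factors. Real codes come from crypto/rand at enrolment.
func (m *MFAState) AddBackupCodes(codes []string) {
	if m.BackupHash == nil {
		m.BackupHash = map[string]bool{}
	}
	for _, c := range codes {
		m.BackupHash[hashBackupCode(c)] = true
	}
}

// UseBackupCode consumes a backup code; each one works exactly once.
func (m *MFAState) UseBackupCode(code string) bool {
	h := hashBackupCode(code)
	if !m.BackupHash[h] {
		return false
	}
	delete(m.BackupHash, h)
	return true
}

func main() {
	m := &MFAState{Secret: []byte("12345678901234567890")} // RFC 6238 test secret
	m.AddBackupCodes([]string{"k7f3-29qm", "x1pd-77ha"})   // constructed codes
	at := time.Unix(59, 0)                                 // step 1
	fmt.Println(hotp(m.Secret, 1, totpDigits), m.VerifyTOTP("287082", at), m.VerifyTOTP("287082", at)) // 287082 true false
	fmt.Println(m.UseBackupCode("k7f3-29qm"), m.UseBackupCode("k7f3-29qm"))                           // true false
}
```

The two details worth copying are the replay guard (`LastStep`) and the single-use backup codes: a TOTP implementation that only checks "does the code match any step in the window" lets an attacker who captured one code reuse it for up to 90 seconds, and backup codes stored in clear are a second factor sitting next to the first in the same database.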

Rate-Limiting & Lockouts

Failed sign-in attempts are rate-limited and accounts are temporarily locked after repeated failures, slowing password guessing and MFA-code brute forcing.
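One way to implement the rate limiting and lockouts described here, as an added example in Go (not Rivergen's implementation). The thresholds, the per-IP dimension and the doubling lockout are assumptions chosen for the example; the account name and IP address in `main` are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limiter tracks failed sign-in attempts per account and per source IP.
// An account locks after accountLimit failures inside window; each
// consecutive lockout doubles the lock length (capped at maxLock), so a
// sustained guessing attack slows to a crawl while a user who mistyped once
// is back in after baseLock. IPs get a higher threshold because many users
// can legitimately share one NAT address.
type Limiter struct {
	mu           sync.Mutex
	accountLimit int
	ipLimit      int
	window       time.Duration
	baseLock     time.Duration
	maxLock      time.Duration
	accounts     map[string]*entry
	ips          map[string]*entry
}

type entry struct {
	failures    []time.Time // recent failure timestamps inside window
	lockedUntil time.Time
	lockouts    int // consecutive lockouts; drives the exponential backoff
}

func NewLimiter(accountLimit, ipLimit int, window, baseLock, maxLock time.Duration) *Limiter {
	return &Limiter{
		accountLimit: accountLimit, ipLimit: ipLimit,
		window: window, baseLock: baseLock, maxLock: maxLock,
		accounts: map[string]*entry{}, ips: map[string]*entry{},
	}
}

func get(m map[string]*entry, key string) *entry {
	if e, ok := m[key]; ok {
		return e
	}
	e := &entry{}
	m[key] = e
	return e
}

// Allow reports whether a sign-in attempt may proceed and, if not, how long
// until it may. The caller should return the same generic error either way,
// so the response does not reveal whether the account exists.
func (l *Limiter) Allow(account, ip string, now time.Time) (bool, time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	for _, e := range []*entry{get(l.accounts, account), get(l.ips, ip)} {
		if now.Before(e.lockedUntil) {
			return false, e.lockedUntil.Sub(now)
		}
	}
	return true, 0
}

// Fail records a failed attempt against both the account and the IP.
func (l *Limiter) Fail(account, ip string, now time.Time) {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.record(get(l.accounts, account), now, l.accountLimit)
	l.record(get(l.ips, ip), now, l.ipLimit)
}

// Success clears the account's failure history and backoff level.
func (l *Limiter) Success(account string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	e := get(l.accounts, account)
	e.failures, e.lockouts = nil, 0
}

func (l *Limiter) record(e *entry, now time.Time, limit int) {
	cutoff := now.Add(-l.window)
	kept := e.failures[:0]
	for _, ts := range e.failures {
		if ts.After(cutoff) {
			kept = append(kept, ts)
		}
	}
	e.failures = append(kept, now)
	if len(e.failures) < limit {
		return
	}
	e.lockouts++
	lock := l.baseLock << uint(e.lockouts-1) // 1x, 2x, 4x, ...
	if lock <= 0 || lock > l.maxLock {       // overflow or above the cap
		lock = l.maxLock
	}
	e.lockedUntil = now.Add(lock)
	e.failures = nil
}

func main() {
	l := NewLimiter(5, 50, 10*time.Minute, time.Minute, time.Hour)
	now := time.Now()
	for i := 0; i < 5; i++ {
		l.Fail("alice", "203.0.113.7", now) // constructed account and IP
	}
	ok, wait := l.Allow("alice", "203.0.113.7", now)
	fmt.Println(ok, wait) // false 1m0s
}
```

Two caveats the example encodes: a lockout keyed only on the account lets an attacker lock a victim out on purpose, which is why the lock is short and grows rather than being permanent; and a limit keyed only on IP is trivially spread across many addresses, which is why both keys are tracked. In a multi-instance deployment this state would live in a shared store (for example Redis) rather than in process memory.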

Trusted Devices

Reduce friction for known, verified devices while still enforcing MFA when needed.

SCIM Provisioning

Automatic user lifecycle management

Data Protection

Application-level encryption for sensitive data

AES-256-GCM Encryption

Sensitive configuration, such as data-source credentials and secrets, is encrypted at the application level with AES-256-GCM before it is written to storage, so a copy of the database alone does not yield usable credentials.

Secure Storage Design

Query results and artifacts are stored per organization; cached data carries a TTL and is expired and cleaned up automatically.

Transport Security

Rivergen is designed to sit behind your existing HTTPS/TLS termination; transport encryption is handled by your cloud or load-balancer setup. Because the platform does not terminate TLS itself, the hop between the terminating proxy and the application is only as protected as the network it runs on, so keep it on a private network or encrypt it with your own infrastructure.

Audit Logs & Transparency

User and organization audit trails

User Audit Trails

Key actions (profile changes, email updates) are written to an AuditLog table with actor, action, and details.

Organization Security Logs

Security log endpoints let you review and export security-related activity for each organization.

Platform-Level Audit

Model activity (create, update, deploy, promote, delete) is recorded in dedicated audit tables and can be filtered by user, action, and resource.

AI Operations Audit

AuditMiddleware logs relevant requests (user ID, org ID, endpoint, action) for model- and prompt-related actions.

Reliability & Operations

Health checks, monitoring hooks, and graceful lifecycle

Health Checks & Monitoring

A dedicated /health endpoint reports the status of the critical dependencies: database, Redis, vector store, and governance service.
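A dependency-aware health endpoint of the kind described here, as an added example in Go (not Rivergen's implementation). The `Check` type, the per-check timeout and the stand-in probes in `main` are assumptions; the failing and hanging probes are constructed to show the two failure modes a practitioner cares about.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// Check probes one dependency. It must honour ctx: a dependency that hangs
// must not be able to hang /health with it.
type Check func(ctx context.Context) error

type HealthReport struct {
	Status string            `json:"status"` // "ok" or "degraded"
	Checks map[string]string `json:"checks"` // dependency -> "ok" | "fail"
}

// runChecks probes every dependency concurrently, each under its own
// timeout, and reports only pass/fail per dependency. The error text stays
// in the server log: hostnames and connection errors do not belong in a
// body that load balancers and monitoring systems fetch unauthenticated.
func runChecks(ctx context.Context, checks map[string]Check, perCheck time.Duration) HealthReport {
	var mu sync.Mutex
	var wg sync.WaitGroup
	report := HealthReport{Status: "ok", Checks: make(map[string]string, len(checks))}
	for name, chk := range checks {
		wg.Add(1)
		go func(name string, chk Check) {
			defer wg.Done()
			cctx, cancel := context.WithTimeout(ctx, perCheck)
			defer cancel()
			done := make(chan error, 1) // buffered: a late result never blocks the probe goroutine
			go func() { done <- chk(cctx) }()
			var err error
			select {
			case err = <-done:
			case <-cctx.Done(): // slow, or ignored ctx: count as failed anyway
				err = cctx.Err()
			}
			mu.Lock()
			defer mu.Unlock()
			if err != nil {
				fmt.Printf("health: %s failed: %v\n", name, err) // stand-in for the server log
				report.Checks[name] = "fail"
				report.Status = "degraded"
			} else {
				report.Checks[name] = "ok"
			}
		}(name, chk)
	}
	wg.Wait()
	return report
}

// statusFor maps the report to an HTTP status so a load balancer can pull
// an unhealthy instance out of rotation without parsing the body.
func statusFor(r HealthReport) int {
	if r.Status == "ok" {
		return http.StatusOK
	}
	return http.StatusServiceUnavailable
}

func healthHandler(checks map[string]Check, perCheck time.Duration) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		report := runChecks(r.Context(), checks, perCheck)
		w.Header().Set("Content-Type", "application/json")
		w.Header().Set("Cache-Control", "no-store")
		w.WriteHeader(statusFor(report))
		_ = json.NewEncoder(w).Encode(report)
	}
}

func main() {
	// Constructed stand-in probes; a deployment would run a cheap query or
	// PING against the database, Redis, the vector store and governance here.
	checks := map[string]Check{
		"database":     func(ctx context.Context) error { return nil },
		"redis":        func(ctx context.Context) error { return errors.New("dial tcp 10.0.0.5:6379: connection refused") },
		"vector_store": func(ctx context.Context) error { <-ctx.Done(); return ctx.Err() }, // never answers
	}
	report := runChecks(context.Background(), checks, 500*time.Millisecond)
	out, _ := json.Marshal(report)
	fmt.Println(string(out)) // {"status":"degraded","checks":{"database":"ok","redis":"fail","vector_store":"fail"}}
}
```

Mount it with `http.Handle("/health", healthHandler(checks, 500*time.Millisecond))`. Keep the probes cheap and the endpoint throttled or internal-only: an unauthenticated endpoint that opens a fresh connection to every dependency on each request is a convenient way for an outsider to load those dependencies.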

Background Task Management

Workers monitor training jobs and deployments, keeping platform state in sync without manual intervention.

Graceful Lifecycle

Startup initializes connection management, pollers, and sync workers. Shutdown cleans up data-source resources and connections.

Note: Formal SLAs (e.g., "99.99% uptime") and external certifications are on the roadmap, not yet claimed as completed.

Compliance & Roadmap

We have implemented the building blocks needed for compliance. Here's what's actively in progress.

SOC 2 Type II

Planned

ISO 27001

Planned

GDPR Data Export/Deletion

In Progress

SIEM Integration

Exploring

What we've built: Strong identity and MFA, audit logs, encryption of sensitive data, role-based access, export hooks for user data. What's next: Formalizing policies for SOC 2 and ISO 27001, expanding data export/deletion flows for regulatory requirements, and deepening integrations with existing security stacks.

Questions about security?

Running a security or risk review? We're happy to map our controls to your requirements.

Contact Security Team