Rithum Security

At Rithum, we understand the importance of our customers' data and are committed to providing a highly secure and reliable platform you can trust. We combine enterprise-class secure development and operations practices to build security into our software and the infrastructure beneath it.

Application Security

We follow industry standards, such as the OWASP Top 10, and best practices for our technology stack to build security into our platform during development and testing. In addition, Rithum engages third-party security experts to perform web application penetration testing on a regular basis. Rithum clients are isolated from each other by an application security model that enforces tenant boundaries at both the request and the session level.

Data Protection & Privacy

To assist companies in selling and advertising their products online, Rithum may collect personal data on our customers' behalf. We maintain technical and organizational processes and protections for personal data in compliance with the regulatory regimes under which Rithum operates, including the EU's General Data Protection Regulation and the California Consumer Privacy Act. Personal data is retained only as long as needed to perform our contractual obligations, or for other legitimate business reasons.

Availability

Rithum's continuous delivery approach to application development means we can deliver changes and upgrades to our applications without impacting availability. Rithum uses a suite of monitoring tools to track the availability of its services and alert our teams in real time if a service becomes unavailable. In addition, we monitor resource utilization on our systems so that capacity problems are addressed before they affect service availability.

Access Control

Rithum allows customers to create unique, individual logins and to manage the access level of each user in their organization. Customers can define role- and group-based access controls in our system, and can also enable Multifactor Authentication (MFA) or Single Sign-On (SSO).

Data Encryption

Rithum encrypts all personal data in transit using industry-accepted secure protocols and encrypts data at rest using AES.

Security & Privacy Training

All Rithum employees receive security and data privacy training on an annual basis.

Vulnerability Management

Rithum tracks industry security alerts, software and system patches, and other relevant updates through industry alert subscription lists, and monitors security alerts from vendors and partners. Applications, systems, networks and code are scanned regularly. Updates and patches are applied with a priority based on the severity of the issue.

Rithum does not participate in Bug Bounty programs, but welcomes responsible disclosure from clients and partners, who can submit reports to us via their normal support channels.

Physical Security

Rithum's production servers are located in colocation data centers and cloud service provider environments. The facilities hold relevant industry certifications and provide state-of-the-art network operations centers, advanced security and monitoring systems, sophisticated fire suppression systems, and redundant utility transformers, generators, automatic transfer switches, main switch panels, and uninterruptible power supplies. All services are geo-redundant.

Perimeter Defense

Rithum's team operates redundant firewalls and intrusion detection systems that monitor and protect the network perimeter. Logs are continuously monitored, with automated alerting for security, performance, and availability events.

Operating Systems and Subsystems

Rithum protects its operating systems by hardening production servers and enforcing strong authentication and authorization for access to them. Operating systems are further strengthened by regular patching, vulnerability scanning, secure configuration, and monitoring.

External Audits and Penetration Tests

Rithum completes an annual SOC 2 Type II audit; the report may be requested from your Rithum representative. Penetration tests are conducted at least annually.

Artificial Intelligence

All production AI/ML models and services developed, owned, or licensed by Rithum are self-hosted in a multi-tenant cloud environment (AWS). Each client's data is logically separated within the system, and data storage is segregated per client to ensure security and compliance. The AI/ML models use a combination of natively generated data (such as listing transformations, user feedback, and taxonomy definitions) and external inputs (customer-provided catalogs). No third-party AI/ML sub-processors are used for these services, and client data is not used to train shared models.

Compliance and Attestations

Cloud Security Alliance

AICPA SOC

Security and Data Privacy Standards

GDPR

Rithum has taken the necessary steps, and maintains processes and protections for personal data, to comply with the General Data Protection Regulation of the European Union ("GDPR"). For information on how Rithum complies with the GDPR, please visit the GDPR FAQs.

CCPA

Rithum does not sell personal data, and our data handling practices comply with the California Consumer Privacy Act ("CCPA"). For information on how Rithum complies with the CCPA, please visit the CCPA FAQs.