How does RIFF handle security?

RIFF ensures enterprise-grade security with robust data protection measures. Data isolation is achieved through PostgreSQL Row-Level Security (RLS), keeping each organization’s data separate. Authentication is JWT-based with org-level scoping and role-based access controls. Infrastructure is hosted on Supabase (SOC 2–compliant) and deployed on Vercel’s global edge network with DDoS protection. All data is encrypted in transit (TLS) and stored securely. RIFF maintains AI privacy by only accessing your organization’s documents, ensuring no cross-tenant leakage and never using proprietary data for AI training.