RIVET PRIVACY POLICY

Last updated: January 2024

ENTERPRISE-GRADE PRIVACY

Rivet is designed with privacy and security at its core. As a RAG-based platform for documents and code, we understand the sensitive nature of your data and implement the highest standards of data protection.

DATA COLLECTION & PROCESSING

  • Document Data: Files you upload for processing and analysis
  • Code Repositories: Code files and repository metadata when connected
  • Embeddings: Vector representations of your content for semantic search
  • Chat History: Conversations with the AI assistant (can be disabled)
  • Usage Metrics: Performance data to optimize the service

DATA STORAGE & ISOLATION

Your data is completely isolated and protected:

  • Workspace Isolation: Each workspace has completely isolated data storage
  • Encryption at Rest: All data encrypted using AES-256 encryption
  • Encryption in Transit: TLS 1.3 for all data transmissions
  • Geographic Control: Choose your data storage region
  • Automatic Backups: Regular encrypted backups with point-in-time recovery

ACCESS CONTROL

  • Role-Based Access: Granular permissions for team members
  • SSO Integration: Support for SAML and OAuth providers
  • API Keys: Secure API key management with scope limitations
  • Audit Logs: Complete audit trail of all data access
  • MFA Support: Two-factor authentication for enhanced security

HOW WE USE YOUR DATA

  • Processing Only: Your documents are processed solely to provide RAG functionality
  • No Training: Your data is never used to train our models
  • No Sharing: Your data is never shared with third parties
  • Temporary Processing: Ephemeral processing with no permanent model changes

COMPLIANCE & CERTIFICATIONS

  • GDPR Compliant: Full compliance with EU data protection regulations
  • SOC 2 Type II: Audited security controls and processes
  • HIPAA Ready: Available for healthcare data processing
  • ISO 27001: Information security management certified

YOUR RIGHTS & CONTROL

  • Data Export: Export all your data at any time
  • Data Deletion: Permanent deletion with cryptographic erasure
  • Processing Control: Pause or stop processing at any time
  • Consent Management: Granular control over data processing
  • Data Portability: Transfer data between workspaces or export

THIRD-PARTY INTEGRATIONS

When you connect third-party services, we:

  • Only access data you explicitly authorize
  • Store minimal metadata required for functionality
  • Use OAuth 2.0 for secure authentication
  • Never store third-party credentials
  • Allow instant revocation of access

CONTACT OUR PRIVACY TEAM

For privacy inquiries, data requests, or security concerns:

Email: [email protected]

Security Issues: [email protected]

DPO Contact: [email protected]

Address: ElseBlock Technologies, Bangalore, India

Zero-Knowledge Architecture: Rivet employs a zero-knowledge architecture where possible, ensuring that even we cannot access your unencrypted data. Your privacy is not just a policy—it's built into our technology.