👉🏼 Link to the Trust Center 👈🏼
Employees
Because Riot uses its own product internally, our employees are our strongest guardrail. Everyone completes our awareness program and is tested against phishing. Engineers are also trained on emerging threats and secure coding.
Laptops used by employees are all managed and secured using an MDM and an EDR solution.
Infrastructure
For its infrastructure, Riot relies on leading cloud providers and their state-of-the-art hardware and physical security requirements. Customer data is hosted in AWS in Ireland and Azure in France.
Our cloud architecture implements strong network segregation, firewalls with a deny-by-default policy, and a web application firewall. Riot’s data is always encrypted, using AES-256 at rest and TLS 1.2+ in transit.
Identity & access management
Riot leverages an identity provider and comprehensive role-based onboarding and offboarding checklists to provide internal access. On top of that, we conduct access reviews at least annually and require everyone to use multi-factor authentication.
Riot’s platform offers a Single Sign-On feature compatible with the leading identity providers and role-based access control to let you manage your permissions as you wish.
Offensive security
Riot uses different means to ensure the security of its platform, including annual pentest campaigns, a bug bounty program, code and infrastructure vulnerability scanning, and compulsory peer reviews before production deployment.
A vulnerability management program is in place to ensure every finding is fixed.
Compliance
Riot complies with the requirements of AICPA SOC 2 Type II and GDPR to ensure our customers benefit from a high security and privacy posture.
Reports and policies can all be found on our Trust Center.
Incident response
Riot is prepared in case of an emergency. Logs and events are continuously monitored to detect potential security threats.
Our incident response plan is regularly improved and tested against different real, identified scenarios.
Backup & recovery
Riot also ensures that your data remains available. Backups and snapshots are taken daily and are encrypted.
If a disruption occurs, Riot can be back in 12 hours (RTO) and can tolerate up to 24 hours of lost data (RPO).
Any questions?
You can contact us at security@tryriot.com
This policy was last updated on July 31st, 2025.