# Security & Privacy

> Ryft security overview covering encryption, least-privilege access, SSO, MFA, and compliance certifications including SOC2 and ISO-27001.

At Ryft, when it comes to your data, security and privacy are top priorities. That’s why we’ve built our platform securely from the ground up, drawing on years of experience from a team with deep expertise in building secure, enterprise-grade systems.

## Security Highlights

* All data is encrypted at rest and in transit using leading industry standards.
* Ryft only extracts statistics, metadata and query logs.
* Ryft uses service accounts and authentication tokens with **read-only access** to ensure secure integration. We enable **granular permissions**, allowing you to grant access only to the necessary datasets and resources, adhering to the principle of least privilege.

## Building on Secure Foundations

Ryft's security practices are aligned with industry-leading standards to safeguard your data against unauthorized access, breaches, and threats. Our approach includes:

* **End-to-End Encryption** - Data is always encrypted in transit and at rest using AES-256.
* **Network communication** - All connections to Ryft are encrypted by default in both directions, using modern ciphers and cryptographic protocols. We ensure data is encrypted in transit with TLS 1.2 or higher. Any HTTP connection attempts are automatically redirected to HTTPS for added security.
* **Strong authentication & authorization** - Ryft enforces secured SSO and multi-factor authentication for all of its employees, and uses a least-privilege access model for every system access.
* **Real-Time Monitoring and Incident Response** - Ryft leverages comprehensive logging and alerting across its infrastructure to detect threats in real-time.
* **Secure Software Development Lifecycle** - Ryft ensures the security of its product by implementing leading security standards, including automated image scanning, mandatory peer review, vulnerability scanning and more.
* We conduct annual **penetration tests** to assess and strengthen Ryft's security posture by identifying and addressing vulnerabilities. Our latest penetration test and remediation reports are available in our Trust Center upon request.
* All employees use encrypted laptops and undergo regular security awareness training to ensure best practices.

## Compliance

Ryft maintains comprehensive audits to uphold industry standards, regulatory requirements, and data protection laws worldwide.

Ryft is:

* **SOC2 (Type II)** compliant
* **ISO-27001** compliant
* **GDPR** compliant

Ryft will provide complete reports, and will sign NDAs and/or DPAs if requested.

## Sub-processors

| Name  | Description                               |
| :---- | :---------------------------------------- |
| AWS   | Cloud hosting and infrastructure provider |
| Auth0 | Authentication provider                   |

To receive notifications of any updates made to our sub-processors, please email [privacy@ryft.io](mailto:privacy@ryft.io).
