Security & Compliance Policy
RYHA's approach to encryption, tenant isolation, and compliance, including GDPR alignment and our SOC 2 and HIPAA roadmap.
This policy is currently under review by our qualified legal counsel and is provided for general information only. It does not constitute legal advice. RYHA Technologies may update it from time to time, and the version published here is the one that applies.
Security Commitment and Data Protection
Security is built into how we design and operate the RYHA platform. This policy summarizes the practices we use to protect your data and the standards we align with, describing customer-relevant protections rather than internal implementation details. We protect your data with strong encryption at every stage — encrypted at rest using AES-256 and in transit using TLS 1.3 — with keys managed securely and access tightly restricted. Each customer's data is logically isolated from every other customer, so isolation is enforced consistently and one customer cannot view or affect another's data. Access to production systems is limited to authorized personnel on a need-to-know basis and protected by strong authentication, and we log and monitor relevant activity so we can detect and respond to unusual events.
Compliance and Certifications
We align our practices with the EU and UK General Data Protection Regulation (GDPR) and support our customers in meeting their own obligations. We are pursuing a formal compliance roadmap that includes SOC 2 examination and HIPAA readiness, so that customers in regulated industries can rely on independently recognized assurances over time.
Vulnerability Disclosure, Incidents, and Contact
We welcome responsible reporting of security issues; if you believe you have found a vulnerability, please report it through our Security Policy, and do not test against production systems without prior written permission. We also maintain a documented incident response process and commit to notifying affected customers of a confirmed personal data breach within 72 hours, with full details in our Incident Response & Breach Notification Policy. For questions about our security and compliance program or to request available documentation, contact us at contact@ryha.in.
