Security at Rhizome Compliance

Defense-in-Depth Architecture

Security is the foundation of our architecture. Built by a team with deep roots in cryptocurrency, AML, and Fortune 100 data defense, our platform is designed to handle the most sensitive data in the world.

We employ a strategy that combines military-grade infrastructure isolation with rigorous operational security.

True Single-Tenant Isolation

We eliminate the 'noisy neighbor' risk found in most SaaS platforms.

Unlike traditional multi-tenant SaaS platforms, where customer data co-mingles in a shared database, Rhizome uses a containerized, single-tenant architecture.

Physical Separation

Every customer is deployed with their own dedicated application and database containers.

Zero Leakage Risk

Because your data resides in its own dedicated instance, the risk of 'cross-tenant' data leakage is structurally eliminated.

Flexible Deployment

Our containerized architecture allows for deployment on any cloud or fully on-premises within your own VPC.

Data Residency

We support global data residency. Whether you require data in the EU, US, or Canada, we pin your instance to that region.

Encryption at Rest

We use LUKS (Linux Unified Key Setup) to encrypt each storage volume at the disk level.

Encryption in Transit

All data in transit is encrypted via TLS 1.2+ (Transport Layer Security), with HSTS (HTTP Strict Transport Security) to force secure connections.

Application Security

Built for modern threats

Authentication: We support Single Sign-On (SSO) via Google and standard username/password login by default. Enterprise integrations and MFA are supported.

RBAC: Granular permissions allow you to distinguish between Administrators and Standard Users, enforcing least-privilege access.

Vulnerability Scanning: Security is baked into our CI/CD pipeline. Every release undergoes automated vulnerability scanning to detect flaws before they reach production.

Operational Security & Personnel

Internal protocols for maximum safety

Restricted Access: Access to production environments is restricted to a single Senior Lead Engineer. No support staff have direct access to customer data.

Device Security: All employee workstations are required to have full-disk encryption, mandatory malware scanning, and a managed password manager.

Vetting: All personnel undergo rigorous third-party background checks and reference verification prior to employment.

Reliability & Compliance

Uptime and Regulatory Alignment

Disaster Recovery: We perform nightly encrypted backups with a rolling 7-day retention period. Custom retention policies are available.

Uptime SLA: We are committed to a 99.9% uptime SLA. If we fall below this, customers are eligible for service credits ranging from 10% to 50% of their monthly fee.

Regulatory Compliance: We are fully compliant with GDPR (Europe), CCPA (California), and PIPEDA (Canada), supporting the right to be forgotten and data portability.

Responsible Disclosure

We welcome reports from independent security researchers. If you believe you have found a vulnerability in Rhizome, please contact security@rhizomecompliance.com to report it through our bug bounty program.