
Privacy Policy

Last updated January 2024

01

Enterprise-Grade Privacy

Rivet is designed with privacy and security at its core. As a RAG-based platform for documents and code, we understand the sensitive nature of your data and implement the highest standards of data protection.

02

Data Collection & Processing

  • Document Data: Files you upload for processing and analysis
  • Code Repositories: Code files and repository metadata when connected
  • Embeddings: Vector representations of your content for semantic search
  • Chat History: Conversations with the AI assistant (can be disabled)
  • Usage Metrics: Performance data to optimize the service

03

Data Storage & Isolation

Your data is completely isolated and protected:

  • Workspace Isolation: Each workspace has completely isolated data storage
  • Encryption at Rest: All data encrypted using AES-256 encryption
  • Encryption in Transit: TLS 1.3 for all data transmissions
  • Geographic Control: Choose your data storage region
  • Automatic Backups: Regular encrypted backups with point-in-time recovery

04

Access Control

  • Role-Based Access: Granular permissions for team members
  • SSO Integration: Support for SAML and OAuth providers
  • API Keys: Secure API key management with scope limitations
  • Audit Logs: Complete audit trail of all data access
  • MFA Support: Two-factor authentication for enhanced security

05

How We Use Your Data

  • Processing Only: Your documents are processed solely to provide RAG functionality
  • No Training: Your data is never used to train our models
  • No Sharing: Your data is never shared with third parties
  • Temporary Processing: Ephemeral processing with no permanent model changes

06

Compliance & Certifications

  • GDPR Compliant: Full compliance with EU data protection regulations
  • SOC 2 Type II: Audited security controls and processes
  • HIPAA Ready: Available for healthcare data processing
  • ISO 27001: Information security management certified

07

Your Rights & Control

  • Data Export: Export all your data at any time
  • Data Deletion: Permanent deletion with cryptographic erasure
  • Processing Control: Pause or stop processing at any time
  • Consent Management: Granular control over data processing
  • Data Portability: Transfer data between workspaces or export

08

Third-Party Integrations

When you connect third-party services, we:

  • Only access data you explicitly authorize
  • Store minimal metadata required for functionality
  • Use OAuth 2.0 for secure authentication
  • Never store third-party credentials
  • Allow instant revocation of access

09

Contact Our Privacy Team

For privacy inquiries, data requests, or security concerns:

  • Email: privacy@rivet.ai
  • Security: security@rivet.ai
  • DPO: dpo@elseblock.com
  • Organization: ElseBlock Labs, Bangalore, India

Zero-Knowledge Architecture: Rivet employs a zero-knowledge architecture where possible, ensuring that even we cannot access your unencrypted data. Your privacy is not just a policy — it's built into our technology.