Your business data is the foundation of everything you do. Here's how we protect it.
All data is encrypted in transit with TLS 1.2+ and at rest using AES-256. Your information is protected whether it's moving or stored.
Every Rivera account gets its own isolated database. Your data is never co-mingled with other businesses. One account cannot access another's data.
Protect your account with SMS-based two-factor authentication. An extra layer of security beyond your password.
Cloudflare sits in front of Rivera, providing DDoS mitigation, Web Application Firewall (WAF) rules, and bot protection.
Role-based permissions ensure users only see what they should. Every API request is authenticated and authorized before execution.
Input validation, parameterized queries, CSRF protection, and Content Security Policy headers are standard across the platform.
Rivera runs on DigitalOcean's cloud infrastructure in US-based data centers. Our infrastructure includes:
When you use Lumo or other AI-powered features, your data is processed securely:
All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. Rivera never stores credit card numbers, CVVs, or full card details on our servers. Sensitive payment data flows directly to Stripe's infrastructure.
We carefully select infrastructure and service providers that meet our security standards:
In the event of a security incident, we follow a structured response process:
If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond promptly.