Data Encryption

Rytfit encrypts all of our customer data before it’s stored separately in a database. We use the Advanced Encryption Standard (AES) 256-bit algorithm to encrypt each customer’s data.

Secure API

Rytfit uses secure protocols to connect with customer systems, using Transport Layer Security (TLS) 1.2 for HTTPS encryption, which is authenticated by AES 256-bit encryption.

Logical Security

Rytfit security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and X.509 certificate authentication for both user and web services integrations.

SSO Support

SAML allows for a seamless, single-sign-on experience between the customer’s internal web portal and Rytfit.

Multi-Factor Authentication

All our customers are recommended to use Multi-factor Authentication (MFA) using Google or Microsoft Authenticators.

Data Access

Only selected Rytfit employees will have access to our customer data, in order to troubleshoot customer issues that need to be resolved, and this access will be logged as well.

Cloud Backup

Rytfit uses cloud database replication and periodic snapshots to avoid data loss. In case of data loss, we can use replicas to quickly recover to a known previous state.

Application Security

Rytfit has implemented a Secure Software Development Life Cycle (SSDLC) to help ensure continued security, which includes an in-depth security risk assessment. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle.

Application & Network Penetration Testing

Rytfit conducts periodic third-party application-level and network-level security vulnerability assessments of our web application, including, but not limited to, the following:

  • Cross-site request forgery (CSRF)
  • Session Hijacking
  • Improper input handling (such as cross-site scripting, SQL injection, XML injection, etc.)
  • Weak session management
  • Insufficient authentication or authorization
  • HTTP response splitting
  • Misuse of SSL/TLS
  • Use of unsafe HTTP methods
  • Misuse of cryptography

GDPR Compliant

Rytfit is fully compliant with the GDPR.