Rytfit encrypts all customer data before it is stored separately in a database. We use the Advanced Encryption Standard (AES) with 256-bit keys to encrypt each customer's data.
Rytfit connects to customer systems over secure protocols: HTTPS using Transport Layer Security (TLS) 1.2 with AES-256 encryption.
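As an added illustration of what "AES-256 encryption of each customer's data" can look like in practice (example code written for this page, not Rytfit's implementation, whose details are not published), the Go program below keeps a separate 256-bit key per customer and seals each record with AES-256-GCM. The key store, customer IDs and record contents are constructed for the example; a production system would keep the keys in a KMS or HSM rather than in memory. The customer ID is bound into the ciphertext as additional authenticated data, so a record moved into another customer's row, or tampered with, fails to decrypt rather than decrypting to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// customerKeys stands in for a key store: one 256-bit key per customer.
// Constructed for this example; a real deployment would hold keys in a KMS/HSM.
type customerKeys map[string][]byte

// newCustomerKey returns a fresh random 32-byte (AES-256) key.
func newCustomerKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptRecord seals plaintext with the customer's key using AES-256-GCM.
// The customer ID is passed as additional authenticated data (AAD) so the
// ciphertext is only valid for the row of the customer it was written for.
// Stored layout: nonce || ciphertext+tag.
func encryptRecord(key []byte, customerID string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit random nonce, unique per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(customerID)), nil
}

// decryptRecord reverses encryptRecord; it returns an error if the key, the
// customer ID (AAD) or the ciphertext does not match what was sealed.
func decryptRecord(key []byte, customerID string, stored []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, errors.New("stored record too short to contain a nonce")
	}
	nonce, ct := stored[:gcm.NonceSize()], stored[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(customerID))
}

func main() {
	keys := customerKeys{}
	for _, id := range []string{"cust-A", "cust-B"} { // constructed customer IDs
		k, err := newCustomerKey()
		if err != nil {
			panic(err)
		}
		keys[id] = k
	}
	// Constructed sample record for customer A.
	stored, err := encryptRecord(keys["cust-A"], "cust-A", []byte(`{"name":"example","plan":"pro"}`))
	if err != nil {
		panic(err)
	}
	pt, err := decryptRecord(keys["cust-A"], "cust-A", stored)
	fmt.Printf("own key, own row: %s (err=%v)\n", pt, err)
	// Same ciphertext presented under customer B's key / row fails to authenticate.
	_, err = decryptRecord(keys["cust-B"], "cust-B", stored)
	fmt.Printf("other customer's key: err=%v\n", err)
	_, err = decryptRecord(keys["cust-A"], "cust-B", stored)
	fmt.Printf("own key, wrong row: err=%v\n", err)
}
```

Per-customer keys limit the blast radius of a single key exposure to one tenant, and the AAD binding gives a cheap integrity check that a misfiled or tampered record is rejected at read time.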
Rytfit access control is role-based, supporting LDAP delegated authentication, SAML for single sign-on, and X.509 certificate authentication for both user and web services integrations.
SAML allows for a seamless, single-sign-on experience between the customer’s internal web portal and Rytfit.
Multi-Factor Authentication
We recommend that all customers use multi-factor authentication (MFA) with the Google or Microsoft Authenticator apps.
Only selected Rytfit employees have access to customer data, solely to troubleshoot customer issues that need to be resolved, and all such access is logged.
Rytfit uses cloud database replication and periodic snapshots to avoid data loss. In the event of data loss, replicas allow quick recovery to a known previous state.
Rytfit has implemented a Secure Software Development Life Cycle (SSDLC) to help ensure continued security; it includes an in-depth security risk assessment. In addition, both static and dynamic source code analysis are performed to integrate enterprise security into the development lifecycle.
Application & Network Penetration Testing
Rytfit conducts periodic third-party application-level and network-level security vulnerability assessments of our web application, covering, but not limited to, the following:
- Cross-site request forgery (CSRF)
- Session Hijacking
- Improper input handling (such as cross-site scripting, SQL injection, XML injection, etc.)
- Weak session management
- Insufficient authentication or authorization
- HTTP response splitting
- Misuse of SSL/TLS
- Use of unsafe HTTP methods
- Misuse of cryptography
Rytfit is fully compliant with the GDPR.