Data Encryption
Rytfit encrypts all customer data before it is stored separately in a database. We use the Advanced Encryption Standard (AES) 256-bit algorithm to encrypt each customer's data.
Secure API
Rytfit uses secure protocols to connect with customer systems, using Transport Layer Security (TLS) 1.2 for HTTPS encryption, which is authenticated by AES 256-bit encryption.
Logical Security
Rytfit security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and X.509 certificate authentication for both user and web services integrations.
SSO Support
SAML allows for a seamless, single-sign-on experience between the customer’s internal web portal and Rytfit.
Multi-Factor Authentication
We recommend that all our customers use multi-factor authentication (MFA) with Google Authenticator or Microsoft Authenticator.
Data Access
Only selected Rytfit employees will have access to customer data, to troubleshoot customer issues that need to be resolved, and that access will be logged.
Cloud Backup
Rytfit uses cloud database replication and periodic snapshots to avoid data loss. In case of data loss, we can use replicas to quickly recover to a known previous state.
Application Security
Rytfit has implemented a Secure Software Development Life Cycle (SSDLC) to help ensure continued security, which includes an in-depth security risk assessment. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle.
Application & Network Penetration Testing
Rytfit conducts periodic third-party application-level and network-level security vulnerability assessments of our web application, including, but not limited to, the following:
- Cross-site request forgery (CSRF)
- Session Hijacking
- Improper input handling (such as cross-site scripting, SQL injection, XML injection, etc.)
- Weak session management
- Insufficient authentication or authorization
- HTTP response splitting
- Misuse of SSL/TLS
- Use of unsafe HTTP methods
- Misuse of cryptography
GDPR Compliant
Rytfit is fully compliant with the GDPR.