Skip to content

Security Information

Rise is committed to protecting customer data through layered security controls, including encryption, controlled access, monitoring, and a documented incident response process.

Last updated: April 7, 2026

Overview

This page provides a high-level overview of how Rise protects customer data and systems. It is intended to help customers, prospects, and auditors understand the security controls and operational practices currently described publicly by Rise. Additional documentation may be shared during customer security reviews when appropriate.

Data Encryption in Transit

Rise uses encrypted transport channels to protect data transmitted between user browsers, application services, APIs, and supported third-party integrations. Customer-facing web traffic is served over HTTPS using TLS, and application integrations are configured to use encrypted transport mechanisms supported by the relevant service.

Authentication flows, session handling, and authenticated requests use standard web security mechanisms designed to reduce unauthorized interception or tampering of data in transit.

Data Encryption at Rest

Rise protects stored customer data through managed storage controls and at-rest protection mechanisms provided by underlying storage and infrastructure platforms. Application files, reports, and synchronization data are stored in non-public locations by default.

Access to stored data is restricted through application controls, infrastructure permissions, and operational access management intended to prevent unauthorized access.

Access Controls

Rise applies access controls intended to ensure that customer data and production systems are available only to authorized users with an appropriate business need.

  • Application access is authenticated and restricted by account identity.
  • Role-based permissions are used to limit access by user type, responsibility, and least-privilege principles.
  • Multi-factor authentication is supported for user accounts and administrative workflows.
  • Login attempts and API traffic are rate limited to reduce abuse and unauthorized access attempts.
  • Access is adjusted or revoked when responsibilities change or personnel leave the organization.

Infrastructure and Application Security

Rise uses layered technical and operational safeguards to protect the confidentiality, integrity, and availability of customer data.

  • Private application storage is used for internal files, reports, and sync data.
  • Authenticated routes and APIs are protected with session controls and token-based access controls.
  • Application events, errors, and operational issues are logged to support monitoring and investigation.
  • Security-relevant updates and configuration changes are incorporated into normal engineering operations.

Secure Development Practices

Rise incorporates security into software development and change management processes to reduce the risk of introducing vulnerabilities into production systems.

  • Source code is maintained in version-controlled development workflows.
  • Code changes are reviewed before release.
  • The codebase includes automated tests used during development and maintenance to validate application behavior and identify regressions.
  • Dependencies and configuration changes are maintained as part of routine engineering operations.
  • Logging and operational review support investigation of unexpected behavior and security-relevant events.

Incident Response Process

Rise maintains an incident response process intended to support rapid identification, containment, remediation, recovery, and follow-up review of security incidents.

  1. Identify and assess the event, including initial severity and affected systems.
  2. Contain the issue to limit further exposure or disruption.
  3. Investigate scope, root cause, and potentially affected data or services.
  4. Remediate vulnerabilities, misconfigurations, or control failures and restore operations.
  5. Notify affected customers, partners, or regulators when required by law, contract, or risk level.
  6. Perform a post-incident review and track corrective actions to reduce recurrence risk.

Compliance and Governance

Rise maintains a security program intended to support customer due diligence and contractual security commitments.

  • Rise is actively advancing its SOC 2 program, including control implementation, evidence collection, and audit readiness activities.
  • Security policies, operational controls, and evidence collection are maintained to support external review.
  • Public compliance statements are limited to confirmed, in-scope activities and attestations.

Security Questions

Customers and prospects who need additional security information or security review documentation may contact Rise at [email protected].

This page is intended as a public summary of the Rise security program and will be updated as practices and attestations change.