Appearance
Security at Rilk
Your inventory, orders, and customer data run your business. Protecting them isn't a premium tier or a roadmap item — it's how the platform is built. Here's how Rilk approaches security, in plain language.
Encryption in transit and at rest
Every connection between your browser and Rilk is encrypted with TLS 1.2 or higher. All stored data is encrypted at rest with AES-256, and the most sensitive items — like the connection credentials for your marketplaces and shipping carriers — carry an additional layer of application-level encryption on top.
Multi-factor authentication on every account
Multi-factor authentication is enforced for all Rilk accounts — yours, your team's, and our own staff's. A password alone is never enough to reach your data.
Role-based access
Access inside Rilk follows least privilege. Granular roles and permissions control exactly what each member of your team can see and do, and every account's data is strictly isolated from every other account's.
Continuous vulnerability scanning
Automated security scanning runs on a fixed cadence: code and dependency analysis weekly, with dynamic testing of the running application and cloud-configuration reviews monthly. Findings are triaged, tracked, and remediated on defined timelines — not filed away.
Independent infrastructure attestations
Rilk runs on enterprise-grade cloud infrastructure from Amazon Web Services, which maintains its own independent third-party attestations — including SOC 1, SOC 2, SOC 3, and ISO 27001 — covering the physical, environmental, and foundational security of the platform Rilk builds on. We review those reports as part of our own vendor-management program.
SOC 2 Type II — in progress
A SOC 2 Type II examination of Rilk's own security controls is in progress, with the report expected in late 2026. Prospective customers who need details ahead of the report can reach out below.
Responsible disclosure
Found a vulnerability? We want to hear about it. Email support@rilk.ai with the details and we'll respond promptly — we're grateful to researchers who report issues responsibly and we won't pursue good-faith research. Our machine-readable security contact lives at rilk.ai/.well-known/security.txt.
