Trust · transparency · current posture
audit the outcome · verify activation · prove it every Friday
The single page procurement teams check first. Compliance posture, sub-processors, security controls, and what still needs activation review.
12 controls, current posture
Controls mapped. Type II audit timing is readiness-gated; no certification is claimed before a completed report exists.
BAA and deployment posture are confirmed during onboarding before any PHI-bearing workflow is enabled.
Guardrails are present; production use still depends on deployed environment, tenant configuration, and compliance review.
Customer-specific egress commitments must be confirmed in onboarding and contract terms.
Planned: Okta · Azure AD · Google Workspace · Enterprise tier · SCIM provisioning.
Agent authority hierarchy live (5 levels) · append-only security audit log live · user-facing RBAC roles in progress.
TLS 1.3 in transit · AES-256 at rest (provider-managed disk encryption) · application-layer field encryption on roadmap.
Application, cache, and vector store in US-East · BYOC (bring-your-own-cloud) on Enterprise tier.
First test targeted 2026-Q3 · summary report available for download under signed NDA.
Incident process is part of production readiness; customer-facing SLAs should not be promised before certification.
Sub-processors and DPAs/BAAs are reviewed before a customer workflow is activated.
Provider data-use terms must be verified per deployed model route and customer contract.
Sub-processors
We notify customers ≥ 30 days before adding any new sub-processor that processes PHI. The fully named sub-processor list with DPAs is available under NDA at privacy@hireriley.com.
We answer security questionnaires within 48 hours. SIG, CAIQ, and vendor-specific formats are handled by our security team directly.
Security & compliance: buyer questions
Riley operates HIPAA-aware workflows. The default tier scans every outbound message for PHI before any AI provider call. Practice and DSO tiers offer a HIPAA-aware deployment with a Business Associate Agreement (BAA) available on request. We do not claim a SOC 2 Type II certification before the audit report exists. Current posture is published on this page in real time.
No. Provider data-use terms are verified per deployed model route. The default LLM router uses commercial APIs with explicit no-training contracts. The anthropic_only egress policy (BAA tier) restricts egress to Anthropic on-demand endpoints with zero retention. The local_only policy disables external egress entirely.
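As an added illustration (not Riley's code), the gate below enforces the three egress policies named above and runs the PHI pre-scan before any provider call; the endpoint hostnames, the PHI patterns, and the choice to block rather than redact on detection are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Policy names come from this page; the hostnames are constructed placeholders,
# not Riley's real provider endpoints.
POLICY_ALLOWLIST = {
    "default": {"api.openai.example", "api.anthropic.example"},  # commercial APIs, no-training terms
    "anthropic_only": {"api.anthropic.example"},                 # BAA tier: Anthropic on-demand only
    "local_only": set(),                                         # no external egress at all
}

# Constructed PHI indicators for the pre-scan; a real scanner would cover a
# much fuller identifier set (names, dates of service, addresses, ...).
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:\s]*\d{6,}\b", re.IGNORECASE),
    "phone": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    phi_found: tuple  # sorted names of the PHI patterns that matched


def scan_phi(text: str) -> tuple:
    """Return the names of every PHI pattern found in text (empty tuple if none)."""
    return tuple(sorted(name for name, rx in PHI_PATTERNS.items() if rx.search(text)))


def gate_outbound(policy: str, host: str, message: str) -> Decision:
    """Decide whether message may leave the tenant to host under policy.
    The allowlist is checked first so a local_only tenant never reaches a
    provider even with clean content; the PHI scan then blocks anything the
    policy has not cleared to carry PHI (assumed: only the BAA tier is)."""
    if policy not in POLICY_ALLOWLIST:
        return Decision(False, f"unknown egress policy {policy!r}", ())
    if host not in POLICY_ALLOWLIST[policy]:
        return Decision(False, f"{host} is not permitted under {policy}", ())
    found = scan_phi(message)
    if found and policy != "anthropic_only":
        return Decision(False, "PHI detected; blocked before provider call", found)
    return Decision(True, "ok", found)
```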
Application, cache, and vector store run in US-East. Per-tenant Postgres is encrypted at rest with AES-256, and data is encrypted with TLS 1.3 in transit. BYOC (bring-your-own-cloud) deployment is available on the Enterprise tier for customers requiring strict data residency.
Tenant-scoped. No cross-tenant data access by default. Cross-tenant learning is opt-in via an explicit per-workspace toggle (default OFF). The sub-processor list is published on this page; full DPA + named-vendor disclosure is available under NDA at privacy@hireriley.com.
The incident response process is part of the production-readiness program. The customer-facing SLA is part of the Enterprise contract. We do not publish SLA commitments before certification because that would overpromise. For now, the security audit log is append-only and queryable; privacy@hireriley.com is monitored for inbound reports.
Yes. The outcome ledger, approval history, and brand-voice configuration export as CSV + JSON from the billing portal. After export, workspace deletion is a single confirm-action from the same surface. We honor deletion requests within 30 days per standard practice; the audit log records the action.