2. Platform & Hosting
Risen Results runs on a managed, edge-first cloud platform with global content delivery and managed database hosting. Hosting providers operate hardened, multi-tenant data centers with physical and environmental controls.
This page describes enabled platform capabilities factually. It is not an independent attestation or certification.
3. Access & Authentication
Customer accounts use email + password authentication with bcrypt-hashed credentials managed by our authentication provider, plus server-enforced session management.
Authorization is enforced server-side using row-level security and a separate user-roles table; administrative actions require an active admin or compliance role.
Internal access to production systems is limited to personnel who need it, gated by least-privilege controls, and logged.
4. Data Protection
Data is encrypted in transit using TLS 1.2+. Data at rest is encrypted by our database and storage providers using industry-standard ciphers.
Database backups are taken on a recurring schedule by our managed database provider and retained for recovery purposes.
Sensitive fields (such as consent records) are retained for the period required by TCPA, carrier (10DLC), and applicable state law.
5. Application Security
Code changes are peer-reviewed before reaching production. Dependencies are scanned for known vulnerabilities, and high-severity issues are remediated on a defined schedule.
Server-side input validation (Zod) and parameterized database access are used to mitigate injection. We sanitize user-supplied HTML before render.
Public webhook endpoints verify signatures before processing payloads.
6. Incident Response
Risen Results maintains an incident response process covering detection, triage, containment, eradication, recovery, and post-incident review. Customers will be notified of incidents affecting their data without undue delay, consistent with applicable law and the DPA.
7. Reporting a Vulnerability
If you believe you've found a security issue, please report it to support@risenresults.ai with steps to reproduce. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.
We appreciate good-faith research and will not pursue legal action for testing that is consistent with this guidance.