Security & Trust Center
Our commitment to compliance and security
Welcome to the RIOS Trust Center
At RIOS, we are committed to building AI-powered automation solutions that transform industrial operations while prioritizing security, compliance, and transparency. As technology continues to evolve, we recognize the critical importance of safeguarding data, ensuring operational integrity, and maintaining trust with our partners and customers.
This page provides an overview of our approach to security and compliance. Here, you can request documentation and review high-level details on the controls we follow. To access sensitive documents within this portal, please contact us.
COMPLIANCE
RIOS is committed to industry-leading security standards. We continuously improve our security posture and align our practices with recognized frameworks such as NIST 800-53, SOC 2 and ISO 27001.
RESOURCES
SECURITY POLICIES
Access Control Policy
Acceptable Use Policy
Incidence Response Policy
Disaster Recovery Policy
Business Continuity Policy
Password Policy
Data Privacy Policy
+7 more
OTHER
Secure Code Analysis
Vulnerability Management
Dynamic Application Security TestingNETWORK SECURITY
Firewalls and Network 
Hardening
Logging and Monitoring
Multi-factor Authentication (MFA) EnforcementDATA SECURITY
SSL/TLS Enforced
Least Privilege Authorizations
Daily Database BackupsINFRASTRUCTURE SECURITY
Encryption at Rest and in Transit
Security Patching and Maintenance
Access Control and Authentication Standards
ORGANIZATIONAL SECURITY
Security Awareness Training
Access Control Policies
Incident Response Procedures
SUBPROCESSORS
AMAZON WEB SERVICES • CLOUD INFRASTRUCTURE
GOOGLE • ANALYTICS, PRODUCTIVITY
MICROSOFT • CLOUD INFRASTUCTURE & SSO
SENDGRID/TWILIO • ANALYTICS, EMAIL COMMUNICATIONS
SECURITY CONTROLS
APPLICATION SECURITY
Secure Code Analysis
Vulnerability Management
Dynamic Application Security Testing
Static Application Security Testing
NETWORK SECURITY
Firewalls and Network Hardening
Logging and Monitoring
Multi-factor Authentication (MFA) Enforcement
EMAIL PROTECTION
Advanced Email Filtering for Spam and Phishing Prevention
Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) Implemented
Real-Time Email Monitoring and Alerting
Email Security Awareness and Phishing Detection Training
INFRASTRUCTURE SECURITY
Encryption at Rest and in Transit
Security Patching and Maintenance
Access Control and Authentication Standards
DATA SECURITY
SSL/TLS Enforced
Least Privilege Authorizations
Daily Database Backups
ORGANIZATIONAL SECURITY
Security Awareness Training
Access Control Policies
Incident Response Procedures
Employee Confidentiality Agreements
Third-party Vendor Security Requirements
SUBPROCESSORS
AMAZON WEB SERVICES • CLOUD INFRASTRUCTURE
GOOGLE • ANALYTICS, PRODUCTIVITY
MICROSOFT • CLOUD INFRASTRUCTURE & SSO
SENDGRID/TWILO • ANALYTICS, EMAIL COMMUNINCATIONS
We align closely with leading industry frameworks such as NIST 800-53, SOC 2 and ISO 27001 and continuously enhance our practices to maintain alignment with these standards.
We encourage responsible disclosure and provide clear channels for reporting vulnerabilities. If you discover a potential issue, please contact us directly at our designated security email (security@rios.ai) to enable prompt investigation.
We encourage responsible disclosure and provide clear channels for reporting vulnerabilities. If you discover a potential issue, please contact us directly at our designated security email (security@rios.ai) to enable prompt investigation.
Customer data is encrypted both in transit (TLS) and at rest (AES-256). We employ robust access controls, continuous monitoring, regular vulnerability assessments, and enforce strict authentication protocols to ensure data remains secure.
Our infrastructure is hosted with trusted cloud providers such as Microsoft 365/Azure and AWS, primarily located within data centers in the United States.
Customer data is retained only as long as required for service delivery or until deletion is requested by the customer. Once deleted, data is permanently removed from our systems within 30 days.
Yes, our services utilize a secure multi-tenant approach. Data is logically segregated through strict access controls and Multi-Factor Authentication (MFA) ensuring the confidentiality and integrity of each customer’s information.