Security
Riff's security posture — SOC 2, SSO, GDPR, data residency, and access control.
Riff is built for use in enterprise procurement and operations environments, where AI tooling must meet the same security bar as any other system with ERP access.
Note for the docs team: Please verify current certification status and data residency commitments before publishing this page. Content below reflects the designed security posture — confirm specifics with the Riff team.
Authentication and access control
Single Sign-On (SSO)
Riff supports enterprise SSO via SAML 2.0 and OAuth 2.0. Connect your identity provider (Okta, Azure AD, Google Workspace) so that Riff authentication follows your existing MFA and session policies. No separate credential management is required.
Role-based access control
Access within a Riff workspace is role-based:
- Owner: Full workspace control — deploy agents, manage integrations, manage members
- Builder: Create and edit apps and agents; cannot manage integrations or billing
- Viewer: Read-only access to deployed apps and agent output
Agents themselves operate under the permissions of the integration credentials they're configured with — not any individual user's credentials. This means agent permissions are explicit and controllable independently of who runs them.
Secrets management
Credentials used by agents — ERP API keys, OAuth tokens, SMTP credentials, webhook secrets — are stored in Riff's encrypted secrets manager. They are:
- Never stored in code or configuration files
- Never logged or returned in API responses
- Accessible to agents at runtime, not readable by builders after initial entry
- Rotatable without redeploying the agent
Data handling
Where your data lives
Riff's infrastructure is hosted in the EU. Data processed by agents — ERP records read, supplier emails parsed, audit logs written — is stored within EU boundaries.
What Riff stores
Riff stores:
- Agent configuration (the job definition, not ERP data)
- The audit trail of agent actions
- Data explicitly written to Riff's native database by the builder
- Attachments and files explicitly passed to the agent
Riff does not store a copy of your ERP data. When an agent reads from your ERP to make a decision, that data is processed in memory and logged in the audit trail (the specific fields used, not a full record dump).
Data retention
Audit logs and agent run history are retained for [retention period — confirm with Riff team]. Workspace data is retained for the duration of your subscription and deleted within [period] of account closure.
Compliance
GDPR
Riff is GDPR-compliant. A Data Processing Agreement (DPA) is available on request and is included in enterprise agreements. For procurements requiring a DPA before onboarding, contact your account manager.
SOC 2
[Status — confirm with Riff team: "Riff is SOC 2 Type II certified" or "Riff is working towards SOC 2 Type II certification, with report expected [date]." ]
Penetration testing
Riff conducts regular penetration testing by an independent third party. Results are available under NDA for enterprise procurement processes.
The permissioned actions model
The primary security control for ERP write access is Riff's typed actions model, described in detail in "How agents act on ERPs".
In brief: agents can only perform the specific, pre-declared write operations they've been configured and approved to perform. There is no mechanism for an agent to perform an ERP write action that wasn't reviewed and authorised by the builder before deployment. This is the architectural guarantee that makes ERP write access auditable.
Security questions and enterprise onboarding
For security questionnaires, DPA requests, penetration test results, or architecture review calls, contact: [security contact — confirm with Riff team].