Security
Built to keep your code context and decisions under your control
Ritual works with the engineering context your team depends on: code, decisions, conversations, and implementation plans. We protect that data with encryption, workspace isolation, scoped access, and a clear rule: your content is not used to train anyone else's models.
Privacy & AI
Your data is not training data
Ritual uses enterprise-grade LLM providers under agreements that prohibit using your content to train their models. We do not opt in to provider data-sharing programs that would change that.
We collect only what the product needs
Ritual stores the workspace content, decisions, code context, and conversations needed to make the product work. We do not sell customer data, and we do not share it with third parties for advertising.
Deployment options for sensitive environments
Teams with strict data residency, compliance, or isolation requirements can use dedicated deployment options, including environments backed by their own cloud, secrets, and identity systems.
Application Security
Modern authentication
Ritual uses a dedicated identity provider with support for OIDC/OAuth, SSO, and multi-factor authentication. Passwords are never stored in plaintext, and sessions are signed and time-limited.
Workspace isolation
Each workspace's data is logically isolated. Authorization is checked on every request, so users only access content from workspaces they belong to. For enterprise customers, Ritual can also support single-tenant deployments with dedicated application infrastructure, database storage, and secrets management.
Scoped access tokens and role-based permissions
Programmatic access through the CLI, MCP server, or API uses revocable personal access tokens scoped to a specific workspace. In-app permissions are role-based, so administrators can control who can read, edit, or manage workspace settings.
Infrastructure Security
Managed cloud infrastructure
Ritual runs on managed cloud infrastructure for compute, storage, networking, identity, and secrets. We use managed services where possible to reduce operational risk and rely on infrastructure with established security and compliance controls.
Encryption in transit and at rest
Connections to Ritual use TLS with managed certificates. Customer data, including databases, file uploads, and backups, is encrypted at rest. Secrets and credentials are stored in a dedicated secrets manager with audited, least-privilege access.
Private network boundaries
Application workloads run inside a private network. Public traffic enters through managed ingress, and internal services communicate over private network paths rather than being directly exposed to the public internet.
Operational Security
Review-gated change management
Every code change goes through peer review and automated checks before reaching production. Infrastructure is managed as code, reviewed through the same process, and deployed through automated pipelines.
Least-privilege employee access
Production access is limited to authorized employees, protected by SSO and MFA, and reviewed regularly. Employee access follows least-privilege principles, and production access is audited.
Monitoring and incident response
We continuously monitor application and infrastructure health. Our incident-response process covers detection, mitigation, customer communication, and post-incident review.
Continuity & Availability
Automated backups and recovery
Databases are backed up continuously with point-in-time recovery. Backups are encrypted using the same standards as the primary data store, and recovery procedures are tested.
Designed for availability
Ritual uses managed services with failover support and runs workloads across multiple availability zones where appropriate. Deployments are automated and designed to minimize downtime.
Your data is portable
You can export your workspace content. If you decide to stop using Ritual, you can take your data with you.
Ready to own the frontier?
Join thousands of enterprises already using our platform to drive growth and innovation.