Sandbox — not production · WhatsApp sends are intercepted unless allow-listed

TRUST & SECURITY

Security & SOC 2

Rikol runs your campaigns, your messages, and creator data through one platform — so security is foundational, not an afterthought. This page summarises how we protect your data and the status of our SOC 2 program.

Last updated · 17 June 2026

Placeholder draft. Sample copy for layout only — not legal advice and not the final policy. To be replaced with reviewed text before launch.

01Our commitment

We design Rikol so that each workspace’s data is isolated, access is least-privilege by default, and every sensitive action is logged. Security and privacy are reviewed as part of how we build, not bolted on at the end.

02SOC 2 status

Rikol’s SOC 2 Type II program is in progress. We operate the controls described below and are working toward an independent examination across the relevant Trust Services Criteria. Once available, the report will be shareable under NDA on request.

03Trust Services Criteria

Our control program is organised around the AICPA Trust Services Criteria:

  • Security — protecting systems against unauthorised access.
  • Availability — keeping the service operational and monitored.
  • Processing integrity — ensuring processing is complete, valid, and authorised.
  • Confidentiality — protecting information designated as confidential.
  • Privacy — handling personal data in line with our Privacy Policy.

04Controls we operate

Representative controls in place today include:

  • Encryption of data in transit (TLS) and at rest.
  • Row-level tenant isolation so one workspace can never read another’s data.
  • Least-privilege internal access, scoped and reviewed.
  • Audit logging of sensitive actions, with idempotent webhook handling.
  • Vendor and sub-processor review before integration.
  • Routine dependency and configuration checks in our deploy pipeline.

05Infrastructure and sub-processors

Rikol runs on managed cloud infrastructure with a Postgres database protected by row-level security. We use a small, vetted set of sub-processors for hosting, payments, messaging, and AI. A current list is available in our Privacy Policy.

06Responsible disclosure

If you believe you’ve found a security issue, please tell us before disclosing it publicly. Email security@rikol.ai with details to reproduce, and we’ll acknowledge your report and work with you on a fix.

07Request the report

To request our security documentation or SOC 2 report (when available), email security@rikol.ai from your work address and let us know your use case.