Rydoo features industry-standard certifications to guarantee systems, payment and data security.
SOC 2 Type 2
Rydoo protects data in transit using TLS 1.2 or higher. Data at rest is encrypted with AES TDE.
Multi-factor authentication is mandatory for all Rydoo employees and contractors. Access is granted based on the “least privilege” and “need-to-know” principles.
Rydoo is fully compliant with GDPR. All data entered into our application is securely stored within Microsoft Azure data centres located in the EU and meets strict security requirements.
Data Backup and Disaster Recovery
We perform incremental and full daily backups and regularly restore data for testing purposes. Our disaster recovery plan is developed and tested annually. Our RPO and RTO are strictly defined in a contract.
Every year, Rydoo conducts penetration testing and vulnerability assessments to identify and address security weaknesses.
Vendor Risk Assessment
We regularly conduct Vendor Risk Assessments to safeguard customer data. Evaluating vendors helps us make informed decisions, reduce risks, and enhance protection.
Incident Response and Reporting
We have a documented and tested Incident Response Process, which enables efficient incident response and recovery.
Rydoo only collects and processes data that is necessary to provide its services. Our data minimization approach reduces the risk of exposure for our clients.
Employee Training and Awareness
We have comprehensive employee data security and privacy training powered by KnowBe4. Well-trained staff are absolutely essential for the protection of our data.
Easy Escalation and Support
We have implemented a process for detecting and addressing security incidents. Our clients can easily contact us in case of incidents.