Security & Data Governance at RIO

Strict per-org data isolation, aggregate-only admin access, and time-boxed support approval — built in from the start, not bolted on after a customer asked.

Per-org data isolation, enforced at the database

Every organization's transcripts, deals, scores, and configs are isolated with row-level security (RLS) keyed on org_id. One customer's data is never visible to another customer, and this is enforced at the data layer, not just in application logic.

Aggregate-only by default — even for us

AIDTD's own super-admin view only ever shows aggregate stats: seats, call counts, MRR. It does not show transcripts, deals, or org configs. We built RIO to run on aggregate data because that's all we should need to operate the platform.

Support access requires your approval — and a clock

  • If our support team ever needs to look at your real data to resolve an issue, it requires your explicit approval first.
  • Any approved access is automatically time-boxed to 24 hours and then revoked — no standing access, no forgotten permissions.
  • Every stage transition on every contact record is logged with who, from, to, and why. We are held to the same audit trail your team gets.

Sub-processors

RIO uses a small set of sub-processors solely to provide the service — including Deepgram for transcription and Anthropic's Claude for analysis. We do not sell your data or your customers' data to third parties.

Have a security questionnaire to fill out?

We're happy to walk through our data handling, sub-processors, and access model directly.