Trust · Data handling

Your data, your rules, your audit trail.

We're a managed-AI-agent shop, not an enterprise security platform. This page is what we actually do today — and what we don't. If your buyer needs SOC 2 to sign, we'll tell you on the intake call rather than pretend.

Security & support

Your data, systems, privacy, and peace of mind are protected.

  • Scoped access

    Agents receive the narrow tool permissions required for the role, not blanket access to your stack.

  • Credential and data protection

    Credentials live in a vault. Foundation models receive only the task inputs they need to draft or reason.

  • Audit-ready operations

    Every draft, tool call, edit, approval, and escalation is logged so review has a reliable trail.

  • Operational support

    Your agent is not left alone. RidgeHQ owns prompt updates, evals, weekly review, and guardrail changes.

We're not SOC 2 certified yet. If that's a hard requirement, we're not the right fit at this stage. We'll tell you before kickoff rather than pretend.

What's not yet in place

We're honest about the gaps.

  • SOC 2 certification

    Not yet. We have the controls and the audit-trail tooling in place; we have not engaged an auditor. If your procurement requires it, we're not the right vendor at this stage.

  • HIPAA / PHI workloads

    Not supported. Our agents run on AWS with per-tenant isolation, but we have not signed a BAA. Don't send protected health information through us today.

  • EU data residency

    All infrastructure is in us-east-1 today. We don't yet support EU-only data residency. Bring it up on intake if it's a hard requirement.

How agents are scoped

Guardrails, not vibes.

Every agent we ship comes with a R.I.D.G.E. card: Role (what the agent owns), Inputs (what it can read), Decisions (what it can decide on its own), Guardrails (where it can't go), Escalations (when it has to ask). Anything outside the Decisions list is escalation territory — the agent stops, comments, and waits for a human.

We review the R.I.D.G.E. card with you on intake, again at week one, and as needed during the weekly review. Agents don't expand scope on their own.

Questions we'll answer on the call

Bring your security questionnaire.

We've answered some of these before; we'll answer them honestly. If we can't meet a requirement, we'll tell you on the call rather than fight you to a redline. The intake call is also where the security conversation happens — not in a months-long procurement loop.

Hire an AI employee with the guardrails written down.

We scope what it can read, decide, and escalate before it touches production work.

Get Started See how it works