TrustSecurity and trust

Governance & security

TL;DR

Ripple is built for enterprise-grade privacy, security, and compliance. Every interaction— from calls to Jams—is encrypted, auditable, and permission-controlled so your organization’s data stays safe.

Overview

Trust is the foundation of collaboration. Ripple meets the data-handling standards of regulated industries without adding friction for end users. Admins gain fine-grained control over who sees what, while every document, call, and transcript is protected by default.

In depth

Security framework

  • Encryption: TLS 1.3 in transit, AES-256 at rest.
  • Authentication: OAuth 2.0 / SAML 2.0 with Google Workspace or Microsoft 365.
  • Audit logging: Every action is logged and viewable in Admin → Audit Trail.
  • Data residency: Regional hosting options (US, EU, APAC on request).
  • RBAC: Admin, Member, and Guest roles control visibility and feature access.

Compliance posture

  • SOC 2 Type II (in progress).
  • GDPR / CCPA / NZ Privacy Act compliant.
  • Optional data retention policies per organization.
  • Exportable audit reports for boards or formal compliance reviews.

Privacy by design

  • Ripple collects only what’s needed to power the experience.
  • Admin controls:
    • Disable recording or AI summarization per channel.
    • Define retention limits for meeting data.
    • Process right-to-erasure requests directly from the Admin console.

Best practices

  • Create separate channels for sensitive topics (e.g., #board, #hr, #m&a).
  • Enforce MFA for every workspace member.
  • Review the Audit Trail monthly and rotate API keys annually.
  • Pair the security overview with Integrations to understand which systems have data access.

Last reviewed: Security Team · 2025-01-17

OverviewPrivacy center