RUDY AI
Security

Security designed for enterprise workforce data.

RUDY protects employee data with encryption, tenant isolation, access control, and annual penetration testing — built for the trust requirements of sensitive HR intelligence.

Data encryption

All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed separately from data using a dedicated key management service. No plain-text PII is stored in application logs.

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Separate key management service
  • Zero plain-text PII in logs

Access control

RUDY implements role-based access control (RBAC) with the principle of least privilege. SSO and SAML 2.0 are supported. All access events are logged and auditable.

  • Role-based access control (RBAC)
  • Least-privilege design
  • SSO / SAML 2.0 support
  • Access event logging

Infrastructure

RUDY's infrastructure is hosted in the US with geographic redundancy. Tenant isolation ensures no data crossover between organizations. RUDY aligns with SOC 2 Type II controls.

  • US-based hosting
  • Tenant isolation architecture
  • SOC 2 Type II alignment
  • No third-party data sharing

Penetration testing

RUDY undergoes annual third-party penetration testing by an independent security firm. A responsible disclosure program is maintained for external security researchers.

  • Annual third-party pentest
  • Independent security firm
  • Responsible disclosure program
  • Remediation tracking and verification

Incident response

RUDY maintains a documented incident response program with 24-hour notification SLAs for qualifying data events, breach investigation protocols, and forensic support.

  • 24-hour notification SLA
  • Documented breach protocol
  • Forensic investigation support
  • Customer communication templates

Privacy by design

PII is pseudonymized in all processing pipelines. Aggregation thresholds prevent individual inference from group data. Data minimization is enforced at the collection layer.

  • PII pseudonymization
  • Aggregation thresholds enforced
  • Data minimization at collection
  • Purpose limitation controls

Enterprise security documentation

Access our security documentation, compliance reports, and penetration testing summaries through the platform trust center. Architecture documentation and data processing agreements available to enterprise customers.

View Trust Center

See RUDY AI in action.

Explore real workforce intelligence, privacy-first AI coaching, and manager-ready insights in our live demo environment.

No surveillance. No black-box scoring. Human review where it matters.