Security & Compliance
ISO 27001:2022 certified. AWS-hosted with encryption at every layer. Tested annually by independent security firms. Built for organizations that take data protection seriously.
Platform Architecture
Ryde is a multi-tenant SaaS platform hosted on a leading public cloud provider. Production environments are network-isolated, and data residency options are available to meet customer regulatory requirements.
Single-tenant clusters can be provisioned for enterprise deployments that require full environment isolation. The platform supports SAML and OpenID Connect (OIDC) SSO for both administrative and passenger interfaces, integrating with your existing identity provider.
Certifications & Standards
ISO 27001:2022
Certified
SOC 2 Type II
Aligned
GDPR
Compliant
Israeli Privacy Law
Compliant
Annual
External Pentest
Technical Security Controls
Infrastructure
Network-isolated production environments, separated from development. Data residency options for regulated clients. Encrypted backups held in geographically separate regions.
Encryption
AES-256 encryption at rest with managed key rotation. TLS 1.2+ for all data in transit. Backups are encrypted and stored separately from the primary environment.
Access Control
MFA mandatory for all internal users. Production access restricted to VPN with two-factor authentication. SAML and OIDC SSO for customer admin and passenger interfaces. Role-based access control across all platform modules.
Monitoring & Audit
Detailed audit logs of all CRUD operations, retained for 6 months. Logs exportable to customer SIEMs via API or webhook. Annual external penetration testing by an independent firm, with findings tracked to remediation.
Business Continuity
Encrypted, geo-redundant backups on a continuous schedule. Documented business continuity and disaster recovery procedures, tested and reviewed annually.
Data Privacy
Ryde processes only the PII required for transport optimization: full name, phone number, and address. No medical (PHI) or financial (PCI) data is stored. Customer-configurable data retention policies. Standard Data Processing Agreement (DPA) provided.
Need our compliance documentation?
Our security team provides ISO 27001 certificates, penetration test summaries, and completed SIG questionnaires during your evaluation process.