Your conversations are secure with us

Rafiki is SOC2 Type 1 Certified

Data Center & Network Security  ✓ Application Security
Data Security   ✓ Security Policies    ✓ Application Monitoring
Secure Software Development Lifecycle
wave top
Rafiki is SOC 2 Compliant

SOC2 Type 1 Certification

Rafiki is SOC 2 Type 1 Compliant.

SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.

Rafiki powers you with

Product Security

Product Security

Rafiki supports SAML 2.0 and uses OAuth2 standard authorization. Client Data is stored on resilient storage that is replicated across data centers
Data Security

Data Security

User data is automatically encrypted using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard
operational Security

Operational Security

Rafiki partners with Google Web Services (GCP), a world-class, secure data center provider, and utilizes its state-of-the art electronic surveillance and multi-factor access control systems.
Your data is secure with Rafiki

Threat / Vulnerability Detection

  • Entire site constantly monitored
  • Built-in anamoly detection
  • Annual external penetration testing
  • Web service uptime continuously monitored for incidents that result in denial of service attacks
  • Regularly tested for penetration and vulnerability threats
wave top
End to end data encryption

Data Protection

  • Encryption at rest
  • Single-sign on  
  • Role-based access controls - COMING SOON
  • Logging, auditing and monitoring features
  • Encryption in transit
  • Features to enhance privacy of personal data
Secure development process

Secure Development Process

  • Peer code reviews
  • Robust security framework based on OWASP standards
  • Screen code changes for potential security issues with our code analyzer tools
  • Release cycle follows functional, unit and extensive QA testing
  • Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines
  • Clearly documented change control process