How we protect your data
Plain answers about what we collect, where it lives, and how it's protected — no badge-wall, just the actual practices.
Security Measures
Encryption in transit and at rest
All traffic is served over TLS, and data is encrypted at rest on AWS-managed infrastructure (RDS, S3).
Passwordless authentication
Sign-in uses magic links and Google OAuth — RivalHound never stores a password that could be leaked or reused.
Tenant isolation
Every query is scoped to your project. Access checks run on every API call, not just at the edge.
Minimal data collection
We store the brands, queries, and results you monitor plus account basics — no tracking pixels in the product, no data resale, ever.
Managed cloud infrastructure
RivalHound runs entirely on AWS (Amplify, Lambda, RDS, SQS) with automated backups and CloudWatch alarms on every queue and scheduled job.
Payments handled by Stripe
Card details go directly to Stripe and never touch our servers. We store only your subscription status.
Data Protection
What We Collect
- • Brand names, competitors, and queries you choose to monitor
- • The AI answers and citations those scans return
- • Account email and subscription status
- • Support communications and feedback
Your Rights
- • Delete your project and its data at any time from Settings
- • One-click unsubscribe on every email we send
- • Export or deletion requests honored via support
- • We follow GDPR principles for data handling and deletion
Security Program
Incident Response
In the event of a security incident affecting your data, we will:
- Contain and investigate the incident immediately
- Notify affected customers within 72 hours
- Provide updates throughout the resolution
- Publish a post-incident review of what changed
Responsible Disclosure
Found a vulnerability? Email security@rivalhound.com — we read every report, respond quickly, and credit researchers who disclose responsibly.
Security Questions?
Have questions about our security practices or need to report a vulnerability?