Built for teams that take data seriously.
Modern security primitives, configurable privacy, compliance roadmap in public view. Nothing to hide.
The short list.
Encryption
AES-256 at rest, TLS 1.3 in transit. Keys rotated per industry standards.
SSO & SAML
Okta, Azure AD, Google Workspace. SCIM provisioning on Core and up.
Role-based access
Standard roles (employee, manager, admin, exec) + custom roles on Growth.
Audit logs
Every Drop, reward issuance, admin action logged with immutable trails.
GDPR & CCPA
DSARs honored within the required windows. Data export on request.
SOC 2
Type II certification on the 2026 roadmap. Current controls available on request under NDA.
Privacy
We collect only what your HRIS needs to operate: name, email, role, team, tenure, and manager relationship. We don't sell data. We don't use your team's data to train models for anyone else.
Incident response
Our target is 24-hour initial disclosure for any security incident affecting customer data. Contact security@giveriver.com for disclosures.
Roadmap
SOC 2 Type II certification is targeted for 2026. Additional compliance (HIPAA BAA, ISO 27001) is evaluated per customer demand — ask your River Guide.
Full Privacy Policy · Terms of Service.
Questions for your CISO?
Our security team answers RFP questions directly. Email security@giveriver.com.