Overview
At Rhetoric, the security of our software development processes and products is a top priority. This document outlines the key security protocols and assumptions we employ to protect our data, infrastructure, and users.
1. User Authentication
Strong Password Policies: We enforce strong password requirements, including complexity and length.
OAuth 2.0: For third-party integrations, we use OAuth 2.0 to ensure secure and seamless authentication.
2. Data Protection
Encryption: User data is encrypted in transit (using TLS) to protect against unauthorized access.
User files uploaded to the Rhetoric system are stored for 7 days and then automatically deleted.
Small portions of text from user briefs are stored securely in the system database until the user/owner chooses to delete a scored brief from the user interface. These text portions are visible only to the user/owner who uploaded them and illustrate the text that the system suggests changing.
When a user deletes a scored brief from the user interface, the brief, its quoted excerpts, and its scores are immediately removed from the system. A user-triggered delete does not wait for the 7-day automatic deletion; it removes the brief immediately, even before the 7-day mark.
No data from uploaded briefs is used for any Artificial Intelligence (AI) training or modeling.
Data Anonymization: Sensitive user information is anonymized where possible to minimize risk in case of data breaches.
3. User Privacy
User Data: Rhetoric collects only first and last name, company, email, IP address, and role. No additional personal data are collected, and these data are never sold or transferred.
4. Account Security
Automatic Logout: Users are automatically logged out after a period of inactivity to prevent unauthorized access on unattended devices.
5. Application Security
Regular Security Updates: We regularly update our software to patch vulnerabilities and ensure protection against the latest threats.
Secure Development Lifecycle: Security is integrated into every phase of our software development lifecycle, from design to deployment.
6. Incident Response
User-Focused Incident Response Plan: Our incident response plan includes specific protocols for notifying and assisting users in case of a security breach.
Data Breach Notification: Users are promptly informed of any data breaches that may affect their personal information, along with steps they can take to protect themselves.
7. Third-Party Integrations
Secure APIs: Third-party integrations are secured through robust API security measures, including authentication, rate limiting, and encryption.
Vendor Security Assessments: We conduct security assessments for third-party vendors to ensure they meet our security standards and protect user data appropriately.
8. Continuous Improvement
Feedback Loop: We encourage users to report security concerns and provide feedback, which is used to continuously improve our security measures.
Regular Audits: Internal and external security audits are conducted to ensure ongoing compliance and identify areas for improvement.
By implementing these security protocols and assumptions, we aim to create a safe and secure environment for our users, protecting their data and privacy while ensuring a seamless and trustworthy experience on our software platform.
