Home
Company

Safety

How we handle data, model behavior, and security across every engagement — not just the ones that ask about it.

Data handling

We only access the systems and data a project actually requires, scoped to the shortest reasonable duration. Client data is never used to train models, shared across unrelated client engagements, or retained past the end of a project without explicit agreement. Where a project needs sensitive data — customer PII, financial records, health data — we scope storage and access down to the people directly working on that piece.

Model use & oversight

When we build AI features, we default to grounding model output in your actual data rather than trusting a model's unsupported claims. Every AI feature we ship gets an evaluation set before launch, and we build in human review for any action a model takes that's hard to reverse — sending something, charging something, deleting something. AI assists; it doesn't get unsupervised authority over consequential decisions unless a client explicitly asks for that trade-off and understands the risk.

Security practices

  • Secrets and credentials are never committed to source control and are rotated on engagement handoff.
  • Access to client infrastructure is scoped per-person and revoked immediately at the end of an engagement.
  • Dependencies are kept current and scanned for known vulnerabilities as a standing part of our workflow, not a pre-launch checklist item.
  • Production changes go through review before they ship — even on small engagements, even under deadline pressure.

Responsible AI principles

We won't build a feature designed to deceive users about whether they're talking to a person or a model. We flag AI-generated content where it materially affects a user's decision. And we'll tell a client directly if a requested AI feature carries a safety or reputational risk we don't think is worth taking — that conversation happens before we build it, not after something goes wrong.

Questions or a report

If you've found a security issue in something we've built, or have a question about how we handle data on a specific engagement, reach us directly at security@ryulabs.io. We reply to every report.

Have specific requirements to review?

Send us your security or compliance questionnaire before you sign — we'd rather answer it upfront than after.