Legal

Security

How Risen Results, LLC protects data and systems. This page is maintained by Risen Results, LLC to answer common security questions about Risen Results.

Legal documentLast updated June 22, 2026

1. Shared Responsibility

Security is a shared responsibility. Risen Results secures the platform, infrastructure, and application code; our hosting and infrastructure providers secure the underlying cloud; and customers are responsible for protecting their accounts, credentials, and the data they choose to provide.

2. Platform & Hosting

Risen Results runs on a managed, edge-first cloud platform with global content delivery and managed database hosting. Hosting providers operate hardened, multi-tenant data centers with physical and environmental controls.

This page describes enabled platform capabilities factually. It is not an independent attestation or certification.

3. Access & Authentication

Customer accounts use email + password authentication with bcrypt-hashed credentials managed by our authentication provider, plus server-enforced session management.

Authorization is enforced server-side using row-level security and a separate user-roles table; administrative actions require an active admin or compliance role.

Internal access to production systems is limited to personnel who need it, gated by least-privilege controls, and logged.

4. Data Protection

Data is encrypted in transit using TLS 1.2+. Data at rest is encrypted by our database and storage providers using industry-standard ciphers.

Database backups are taken on a recurring schedule by our managed database provider and retained for recovery purposes.

Sensitive fields (such as consent records) are retained for the period required by TCPA, carrier (10DLC), and applicable state law.

5. Application Security

Code changes are peer-reviewed before reaching production. Dependencies are scanned for known vulnerabilities, and high-severity issues are remediated on a defined schedule.

Server-side input validation (Zod) and parameterized database access are used to mitigate injection. We sanitize user-supplied HTML before render.

Public webhook endpoints verify signatures before processing payloads.

6. Incident Response

Risen Results maintains an incident response process covering detection, triage, containment, eradication, recovery, and post-incident review. Customers will be notified of incidents affecting their data without undue delay, consistent with applicable law and the DPA.

7. Reporting a Vulnerability

If you believe you've found a security issue, please report it to support@risenresults.ai with steps to reproduce. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.

We appreciate good-faith research and will not pursue legal action for testing that is consistent with this guidance.