Rival Radar Docs

Security & Privacy

How we protect your competitive intelligence and handle your data.

Our Commitment

Your competitive intelligence is some of the most sensitive data in your organization. We take security seriously and have built Rival Radar with enterprise-grade protections from the ground up.

Data Isolation

Each organization's data is completely isolated. We never share your competitive intelligence with other customers, and analyses generated for your organization are never used to train AI models or improve results for other users.

Encryption

  • In transit: All data is encrypted using TLS 1.2+ (HTTPS enforced via HSTS)
  • At rest: Database and file storage are encrypted at rest
  • API tokens: Integration tokens (Salesforce, Gong, Slack, Calendly) are stored encrypted

Authentication & Access

  • Email verification - all accounts require verified email addresses
  • Concurrent session limits - prevents unauthorized access from many devices
  • Session management - users can view and revoke active sessions
  • Role-based access control (RBAC) - three roles (Member, Admin, Owner) with distinct permission sets
  • OAuth integrations - no passwords stored for third-party services
  • SSO - available on Command Center for enterprise identity management

Security Headers

Every response from Rival Radar includes these security headers:

  • X-Frame-Options: DENY - prevents clickjacking
  • X-Content-Type-Options: nosniff - prevents MIME sniffing
  • Referrer-Policy: strict-origin-when-cross-origin
  • Strict-Transport-Security - enforces HTTPS
  • Permissions-Policy - disables camera, microphone, and geolocation
  • Content-Security-Policy - strict CSP to prevent XSS
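
The header list above can be checked against a captured response. The following Python is an added example, not Rival Radar's own code: the function names and both sample responses are constructed for illustration. Because the page gives no HSTS max-age or CSP contents, it only requires a positive max-age and the presence of a CSP.

```python
import re

# Exact values are asserted only where the page states one.
EXACT = {
    "x-frame-options": "deny",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}
DISABLED_FEATURES = ("camera", "microphone", "geolocation")

# Constructed sample responses (not captured from Rival Radar).
GOOD = """HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Permissions-Policy: camera=(), microphone=(), geolocation=()
Content-Security-Policy: default-src 'self'
"""
WEAK = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=0
Permissions-Policy: camera=(), microphone=(self), geolocation=()
"""

def parse_headers(raw):
    """Map lowercased header names to values; lines without a colon (status line) are skipped."""
    pairs = (line.partition(":") for line in raw.strip().splitlines())
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def audit(raw):
    """Return sorted findings; an empty list means every documented header checks out."""
    h = parse_headers(raw)
    findings = [f"{n}: expected {want!r}, got {h.get(n)!r}"
                for n, want in EXACT.items() if (h.get(n) or "").lower() != want]
    # Assumption: the page gives no max-age, so any positive value passes.
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("strict-transport-security: missing or max-age=0")
    # A feature is disabled when its allowlist is empty, e.g. camera=().
    policy = dict(p.strip().partition("=")[::2] for p in h.get("permissions-policy", "").split(","))
    findings += [f"permissions-policy: {f} not disabled"
                 for f in DISABLED_FEATURES if policy.get(f) != "()"]
    if not h.get("content-security-policy"):
        findings.append("content-security-policy: missing")  # presence only; contents not judged
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(raw) or "all documented headers present")
```

To audit a real response, pass the header block saved from `curl -sI` on the page you want to check.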

AI & Data Processing

Rival Radar uses frontier AI models for analysis and coaching. Here's how data flows:

  • Your company information and competitor names are sent to the AI to generate analyses
  • Knowledge base documents are sent as context when generating battle cards and coaching responses
  • Call transcripts (from Gong) are sent for competitive moment analysis
  • Our AI providers do not use API inputs to train their models
  • AI responses are stored in your organization's isolated database

Infrastructure

  • Hosted on cloud infrastructure with automated backups
  • Database with automated daily backups and point-in-time recovery
  • Monitoring and alerting for security events
  • Regular security updates and dependency patching

Payment Security

All payment processing is handled by Stripe. We never store credit card numbers or sensitive payment information on our servers. Stripe is PCI DSS Level 1 certified - the highest level of payment security certification.

Data Retention & Deletion

  • Active accounts: data retained as long as the account is active
  • Cancelled accounts: data retained for the billing period, then available for export
  • Deleted organizations: all data permanently deleted within 30 days
  • Revoked sessions: cleaned up after 30 days
  • Abandoned sessions: cleaned up after 60 days of inactivity

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@userivalradar.com. We appreciate the security community's help in keeping Rival Radar safe.

Questions?

For security-related questions or to request our security documentation, contact security@userivalradar.com.
