Security at Rama

We take the security of your data seriously. Our platform is built with enterprise-grade security practices to protect your information.

Data Encryption

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2+. Your sensitive information is protected at every stage.

Infrastructure Security

Our infrastructure is hosted on leading cloud providers with SOC 2 certified data centers, ensuring physical and network security.

Access Controls

Role-based access controls and the principle of least privilege ensure that only authorized personnel can access sensitive systems and data.

Compliance

We maintain compliance with industry standards and undergo regular security assessments. Visit our Trust Center for current certifications and reports.

Vulnerability Management

We perform regular security testing, code reviews, and vulnerability assessments to identify and remediate potential security issues proactively.

Incident Response

Our dedicated incident response process ensures rapid detection, containment, and resolution of any security events with transparent communication.

Trust Center

For detailed information about our security controls and compliance certifications, or to request security documentation, visit our Trust Center, powered by Vanta.

Access Trust Center

Vulnerability Disclosure Policy

We value the security community and welcome responsible disclosure of security vulnerabilities.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in our systems, please report it to us at:

security@tryrama.com

Please include as much detail as possible, including steps to reproduce, potential impact, and any proof-of-concept code.

Scope

In Scope

  • tryrama.com and its subdomains
  • Rama platform and APIs
  • Authentication and authorization flaws
  • Data exposure vulnerabilities
  • Injection vulnerabilities

Out of Scope

  • Social engineering attacks
  • Denial of service (DoS/DDoS)
  • Physical security attacks
  • Third-party services and websites
  • Spam or phishing attempts

Safe Harbor

We consider security research conducted in accordance with this policy to be authorized and will not pursue legal action against researchers who:

  • Act in good faith to avoid privacy violations, data destruction, or service disruption
  • Only interact with accounts they own or have explicit permission to test
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
  • Report vulnerabilities promptly and allow reasonable time for remediation before disclosure

Our Commitment

  • We will acknowledge receipt of your report within 3 business days
  • We will provide an initial assessment within 10 business days
  • We will keep you informed of our progress toward remediation
  • We will not take legal action against good-faith security researchers

Note: This is a vulnerability disclosure policy, not a bug bounty program. We do not offer monetary rewards for vulnerability reports at this time, but we deeply appreciate the security community's efforts in helping keep Rama secure.