Trust

Ripenn is built by GenerativeModels Inc., a Canadian corporation operating out of Toronto. We help brands measure and improve how they appear in AI-generated answers — which means we handle their domain, their content, and the prompts they care about. The documents below explain how.

We write these pages the way we'd want to read them as a customer: specific where specificity is possible, honest about what hasn't been built yet, and dated so you can see when something changed.

The documents

Privacy — what data Ripenn collects, why, where it's stored, who else it touches, and how to delete it.
Security — the production architecture, encryption posture, access controls, multi-tenant isolation, and the gaps we haven't yet closed.
Data Usage — how Ripenn's audits actually run, which AI providers see your prompts, what each provider does with them, and how Ripenn uses aggregate data for internal research.
Subprocessors — the third parties that hold or process customer data on Ripenn's behalf, with what each one receives.
Data Processing Agreement — Ripenn's standard DPA, available for review and for countersignature on request.

What Ripenn does not yet have

Stating these openly is more useful than implying they exist.

No SOC 2 audit. Ripenn has not begun a SOC 2 process. When that changes, this line will too.
No ISO 27001 certification.
No published penetration-test report.
No bug-bounty program. Security reports are welcome at support@ripenn.ai.
No self-serve account deletion. Account-level deletions are processed by emailing support.
MFA is not yet enforced for customer accounts. Available as an option in Supabase Auth; enforcement is on the roadmap.

Security questionnaires and enterprise reviews

For vendor security questionnaires, detailed architecture conversations, or to request a countersigned copy of our Data Processing Agreement, email support@ripenn.ai. We respond within 5 business days.

Changes

When we change what these pages say, the change is committed to the public Ripenn repository alongside the code that justifies it. Each page carries a “Last updated” date reflecting the most recent edit.

Trust

We write these pages the way we'd want to read them as a customer: specific where specificity is possible, honest about what hasn't been built yet, and dated so you can see when something changed.

The documents

Privacy — what data Ripenn collects, why, where it's stored, who else it touches, and how to delete it.

Security — the production architecture, encryption posture, access controls, multi-tenant isolation, and the gaps we haven't yet closed.

Data Usage — how Ripenn's audits actually run, which AI providers see your prompts, what each provider does with them, and how Ripenn uses aggregate data for internal research.

Subprocessors — the third parties that hold or process customer data on Ripenn's behalf, with what each one receives.

Data Processing Agreement — Ripenn's standard DPA, available for review and for countersignature on request.

What Ripenn does not yet have

Stating these openly is more useful than implying they exist.

No SOC 2 audit. Ripenn has not begun a SOC 2 process. When that changes, this line will too.

No ISO 27001 certification.

No published penetration-test report.

No bug-bounty program. Security reports are welcome at support@ripenn.ai.

No self-serve account deletion. Account-level deletions are processed by emailing support.

MFA is not yet enforced for customer accounts. Available as an option in Supabase Auth; enforcement is on the roadmap.