Trust Center
Ridhics is built for institutional investors. We believe trust is earned through transparency — here is exactly where we stand on security, data handling, and compliance.
These controls are live today — not roadmap items. Every Ridhics deployment includes these from day one.
How we handle your data, in plain language.
EVA uses commercial language models from OpenAI, Anthropic, Google, and Voyage AI to read filings, synthesize research, and generate analytical narrative. All API calls originate from EVA’s backend servers — language models have no direct access to client accounts, databases, or stored documents. Where the provider offers it, EVA is configured for zero-retention API access: prompts and model responses are not retained by the provider beyond the duration of the request and are not used for model training.
EVA’s analytical engine ingests publicly available financial filings, market data, and macroeconomic series from established providers. These are upstream data feeds — client data is not sent to any of them.
Ridhics stores only what is necessary: account identity (email, OAuth provider), organization membership, session metadata, and platform usage logs. Valuation work and analytical history are stored per-organization. We do not sell client data.
All Ridhics infrastructure runs in AWS US-East-1 (Virginia). The application uses AWS RDS PostgreSQL for storage with daily backups (7-day retention) and point-in-time recovery. No replication outside the United States.
Institutional buyers regularly ask: how do we know an AI-powered research platform isn’t fabricating financial numbers? EVA is architected so this failure mode does not exist in our valuation layer. Financial numbers in EVA reports — fair values, growth rates, margins, terminal values, sensitivities — are computed by deterministic valuation engines, not generated by language models. The role of AI in EVA is to read, structure, and explain — not to invent financial facts. This is structurally different from generative AI tools with hallucination guardrails bolted on: guardrails reduce risk on a generative path; EVA’s architecture removes the generative path from the layer that produces financial numbers.
Public filings (with accession number, filing date, and underlying concept), established market data feeds, or computed formulas with explicit inputs. There is no “the model just knows this” category in an EVA report.
EVA uses standard institutional valuation frameworks (Damodaran FCFF, McKinsey value drivers, sector-specific models including Residual Income for banks, FFO/NAV for REITs, and credit diagnostics for distressed firms). Same inputs always produce the same output.
A meaningful share of our coverage universe receives an honest “Under Review” with a structured reason rather than a confidently-wrong number. Refusal to publish is a feature, not a gap.
EVA snapshots the exact inputs used for every published valuation. Any historical EVA output can be re-computed bit-for-bit on demand.
For institutional diligence, detailed methodology documentation, our analytical-integrity brief, and platform comparison materials are available to qualified prospects on request. Contact ram@ridhics.com.
Transparent about where we are and where we’re headed.
AWS EC2 behind CloudFront CDN with automatic TLS certificate management. Next.js frontend served as static assets. Python/FastAPI backend with async processing.
AWS RDS PostgreSQL with encryption at rest. Automated daily backups with 7-day retention and point-in-time recovery. Separate schemas for application data, auth, and analytics.
LLM APIs (OpenAI, Anthropic, Google) accessed via API keys with zero-retention settings. Voyage AI for embeddings. No user data used for training. All API calls logged and auditable.
Public financial filings and structured financial data are ingested from established providers, parsed, and validated against as-filed values. News and market data are sourced from established financial data providers.
No. We use LLM provider APIs (OpenAI, Anthropic, Google) via API keys with zero-retention settings. Your data is never used for model training.
No. Every piece of data is tagged with your organization ID. Application-level filtering and PostgreSQL Row-Level Security ensure complete isolation.
Yes. We integrate with WorkOS for enterprise SSO/SAML. Contact us to set up your identity provider connection.
All data resides in AWS US-East-1 (Virginia) on encrypted RDS PostgreSQL instances. Application servers run on EC2 behind CloudFront CDN.
Not yet. We are actively building toward SOC 2 Type I with a target audit engagement in Q3-Q4 2026. Our current security controls are designed to meet SOC 2 requirements.
Yes. Contact ram@ridhics.com with your VRQ or security questionnaire and we will complete it within 5 business days.
Ridhics maintains a detailed materials pack for institutional prospects in active diligence. Items available on request to qualified prospects include:
VRQ submissions: 5 business-day response SLA. Security review or methodology deep-dive requests: 1 business-day SLA to schedule.