Our commitments

Security by default, not as an upsell.

End-to-end encrypted DMs

Direct messages use the Signal protocol. Ripple servers only ever see ciphertext for one-to-one and small-group DMs.

SOC 2 Type II

Our platform is SOC 2 Type II audited annually by an independent AICPA-accredited firm. Report available under NDA.

Encryption at rest

All server-side data is encrypted at rest with AES-256. Keys are rotated quarterly and held in an HSM-backed KMS.

Sign-in alerts

Every new sign-in triggers an in-app and email alert. Two-factor authentication with a hardware key is supported and encouraged.

Responsible disclosure

Found something?

We take security reports seriously. Our program follows industry best practice, and we'll never take legal action against good-faith researchers.

  1. Email security@ripple.example.com with a proof of concept.
  2. We reply within one business day and give you a status update within five.
  3. Please give us 90 days to fix the issue before public disclosure.
  4. Valid, in-scope reports are eligible for our bug bounty (up to $10,000).

PGP fingerprint on request from security@ripple.example.com.