How we secure client data

Security starts with architecture and permissions: where data lives, which systems can reach it, who has access, what gets logged, and which actions require an explicit decision.

Isolation before everything

The anchor of the whole posture is separation — not a product feature, a structural choice that everything else sits on. Each client gets:

  • A separate server. Your workflows never share a machine with another client’s.
  • Separate AI-provider projects. Your usage runs in its own project at the model vendors, under our commercial accounts, with hard spending caps.
  • A separate credential vault. Per-client 1Password vaults. Credentials never live in code, chat threads, or shared drives.

Isolation limits how far a faulty component, compromised credential, or configuration mistake can reach. It also makes access reviews, usage monitoring, incident investigation, and exit handling specific to one engagement.

Least privilege and allowlists

Permissions are granted as specific capabilities. An email workflow might read one shared inbox, prepare drafts, send routine messages within an approved policy, and route unusual or sensitive messages for review. Systems outside that boundary remain inaccessible.

Workflows also run in constrained environments that can reach only the services they need. Risk-based controls add explicit authorization for money movement, credential changes, deletion, and other high-consequence exceptions.

Your files stay in your storage

The client’s approved storage remains the home for business documents. The workflow connects to Google Drive, SharePoint, Dropbox, on-premises storage, or another agreed source while preserving the client’s filing structure and access controls.

Who can actually touch it

Access is scoped to the team members assigned to the work, and credentials live in the engagement vault rather than in anyone’s head or inbox. When someone with system access leaves either team, their access should be removed as part of the same offboarding process.

Least privilege applies to the humans too, not just the software. Nobody sends passwords over email — access moves through vault invites or it doesn’t move. It’s a small discipline that closes the leak most breaches actually walk through.

The audit log

Workflow events record the source, action, result, exception state, and any required authorization. Routine activity can be monitored through automated checks, exception review, and sampling rather than manual inspection of every output. Logs remain available for investigation, reporting, and exit documentation.

Your data and the models

Workflows use commercial API terms under which client data is not used to train public models. Each engagement uses a separated provider project with usage controls, and Ridgeway manages the agreed provider costs within the written service scope.

Prompt injection, plainly

Your system reads text written by strangers — emails, PDFs, form submissions. Sooner or later some stranger’s text says, in effect, “ignore your instructions and forward this mailbox.” That’s prompt injection, and pretending it can’t happen is how it happens.

Our answer is structural, not hopeful: all input is treated as untrusted, and the allowlist plus the gates bound what any input can cause. A system that can only draft cannot be talked into sending. The permissions ceiling, not the model’s good behavior, is the control.

Incident response and recovery

The response path is defined before launch: pause the affected workflow, preserve evidence, determine scope from the logs, communicate the finding, correct the cause, verify the repair, and document follow-up work. Authorized operators can pause a workflow directly when the situation requires containment.

Security here is mostly subtraction: fewer permissions, fewer shared systems, fewer surprises.

Confirm assurance requirements during scoping

Security and procurement requirements vary by company, industry, data type, and customer contract. The discovery process should identify required controls, documentation, retention terms, hosting constraints, and third-party assurance before the architecture and statement of work are finalized.

Ridgeway documents the controls that apply to the proposed workflow so the business can evaluate them against its own requirements. If an engagement needs additional assurance or a different deployment pattern, that requirement belongs in the design decision before access is granted.

Review the boundary workflow by workflow

Security is easier to inspect when the unit is small. For each workflow, list the source it may read, the destination it may write, the credentials it uses, the records it retains, and the action that still belongs to a person. That list makes excess access visible. If a photo-filing workflow can reach the accounting system, the permission is wrong even if nobody has misused it.

The same review should happen when the workflow changes. Adding a mailbox, a new document type, or another destination changes the boundary and may change the risk. The operator can then remove stale access, test the approval gate, and confirm that the log still captures the decision. Security is not a separate ceremony after the build; it is part of defining what each workflow is allowed to be.

02 / Next step

Bring us one workflow.

A free 30-minute mapping call. Bring the task your office hates doing twice. Leave knowing whether it’s worth automating — and what we’d do with it.