Ryla Proof

Effective Date: April 9, 2026

Privacy Policy

This Privacy Policy describes how Ryla Ventures LLC ("Ryla Ventures," "we," "us," or "our") collects, uses, and protects information when you use the Ryla Proof platform ("Service"), available at rylaproof.com.

Ryla Proof is a CMMC Level 1 self-assessment tool designed for government contractors and subcontractors. We take the privacy and security of your information seriously.

Ryla Proof provides tools and guidance for self-assessment purposes only and does not constitute legal, regulatory, or compliance advice. Use of the Service does not guarantee compliance with any regulatory framework.

Ryla Proof is a private software product and is not affiliated with, endorsed by, or certified by the U.S. Department of Defense or any government agency. While our team includes Cyber AB Registered Practitioners, the Service itself is not a Cyber AB certified tool or assessment.

1. Information We Collect

1.1 Information You Provide

  • Account information: your email address, used for authentication via magic link login.
  • Organization profile: company size, IT management model, technology stack, and whether you handle Federal Contract Information (FCI). This information is used solely to tailor your assessment.
  • Assessment responses: your answers to CMMC Level 1 control questions, which drive your compliance results, evidence checklist, and remediation tasks.
  • Scope and boundary data: information about your in-scope systems, FCI handling methods, and network boundary that you voluntarily enter.
  • Promo codes: if you enter a promotional code during signup.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, and session duration, collected to improve the Service.
  • Device and browser information: browser type, operating system, and screen resolution.
  • Cookies: we use only essential cookies required for authentication and core functionality. We do not use advertising cookies or third-party tracking.

1.3 Prohibited Data

Users are strictly prohibited from entering Federal Contract Information (FCI), Controlled Unclassified Information (CUI), or classified data into the Service.

Ryla Proof is not authorized to store such data. Users are solely responsible for ensuring compliance with this requirement. The Service is an assessment and tracking tool only. It does not process, store, or transmit FCI, CUI, or any classified government data.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Authenticate your identity and manage your account.
  • Generate your personalized CMMC Level 1 self-assessment, evidence checklist, remediation plan, and export documents.
  • Improve the Service based on aggregated, anonymized usage patterns. Aggregated data does not identify you or your organization.
  • Communicate with you about your account, including transactional emails (magic link login, service updates).
  • Respond to your inquiries and provide support.
  • We will update this policy and notify you before using your data in any new way not described here, including any future use of artificial intelligence or machine learning tools that process your data.

3. How We Share Your Information

We do not sell personal data and do not use third-party data brokers.

We may share information only in the following circumstances:

Service providers

We use trusted third-party service providers for hosting, database management, and communications (including cloud infrastructure providers such as Supabase and Vercel). These providers are contractually obligated to protect your information and use it only to provide services on our behalf.

We maintain agreements with our service providers to ensure they meet industry-standard security and data protection requirements.

Share links

If you generate a share link to share your assessment results with a third party (such as a contracting officer), the recipient can view your assessment data in read-only mode via that link. You control when share links are created and can revoke them at any time.

Legal requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

Business transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4. Data Storage and Security

Your assessment data is stored in the United States in a hosted PostgreSQL database provided by Supabase, with Row Level Security (RLS) enabled to ensure that only you can access your own data. The Service is hosted on Vercel infrastructure, also located in the United States. All data is transmitted over HTTPS/TLS encryption.

We implement reasonable administrative, technical, and physical safeguards to protect your information. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee that your data will not be lost, corrupted, or accessed by unauthorized parties.

5. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users in accordance with applicable laws.

6. Data Retention

We retain your account and assessment data for as long as your account is active or as needed to provide the Service.

If you request deletion of your account, we will permanently delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

If we terminate your account, we will retain your data for 30 days, during which you may contact us at support@rylaproof.com to request a copy before permanent deletion.

If we discontinue the Service entirely, we will provide at least 60 days' notice and honor data requests received during that period. After the Service closes, all user data will be permanently deleted within 30 days.

You can reset all your assessment data at any time from within the application. While we implement safeguards to protect your data, users are responsible for maintaining copies of critical records.

7. Your Rights

You have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request that we correct inaccurate or incomplete information.
  • Deletion: request that we delete your personal information.
  • Portability: export your data using the built-in export features (PDF, DOCX, XLSX) or request it in another format.
  • Opt-out: opt out of non-essential communications at any time.

To exercise any of these rights, contact us at support@rylaproof.com.

8. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To make a CCPA request, contact us at support@rylaproof.com.

9. International Users

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will promptly delete it.

11. Third-Party Links

The Service may contain links to third-party websites or resources. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service before the changes take effect. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Ryla Ventures LLC

Email: support@rylaproof.com

View our Terms of Service →