As a global company serving the data integration needs of large enterprise companies, Riva has developed a comprehensive understanding of privacy regulations throughout the world. From industry-specific regulations like HIPAA and Sarbanes-Oxley to geographic regulatory frameworks like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), we routinely monitor changes in law and policy, and update our solutions to protect our clients from the risk of sanctions – and reputation damage. We view compliance with privacy regulations as a core competency, and a natural extension of the work we do to improve our clients’ relationship with – and use of – sensitive customer data. 

As a core principle, the Riva Engine was designed as pass-through architecture and its components do not cache or store any private information for opportunities, cases, quotes, projects, contacts, accounts, appointments, etc. at any time. This information is retrieved, received, converted, transformed, and transmitted with only metadata (like unique record database IDs, modification data time stamps, and item change revisions) being stored. Client metadata is kept in persistent storage unique to each user and can not be used to build or restore previously synchronized information.