Skip to content
Ryvion

Trust & Security

Security built into every layer

From cryptographic receipts to jurisdiction-enforced sovereign routing — choose the trust level that matches your workload.

Security tiers

Three levels of trust

Every workload on Ryvion gets Standard protections by default. Upgrade to Sovereign or Confidential when your compliance or security requirements demand it.

Standard

Cryptographic verification and node identity checks on every job.

  • Signed receipts (Ed25519)
  • Node identity verification (KYC via Stripe)
  • VPN/proxy detection
  • Timezone + latency anomaly detection
  • Hardware fingerprinting
  • Container sandboxing (--cap-drop=ALL, --network=none)

Best for

Open-source inference & R&D

Recommended

Sovereign

Geographic enforcement and legal guarantees for regulated data.

Everything in Standard, plus:

  • Country-level routing enforcement
  • Multi-country jurisdiction selection
  • Latency probing for physical location verification
  • Trusted node operators only (verified tier)
  • Legal agreements (NDA/DPA)

Best for

Government, healthcare, regulated industries

Coming soon

Confidential

Hardware-level encryption. Zero-knowledge execution — even the node operator cannot see your data.

Everything in Sovereign, plus:

  • TEE hardware routing — AMD SEV-SNP, Intel TDX/SGX, NVIDIA Confidential Computing
  • Hardware attestation with Ed25519-signed receipts including TEE proof
  • Encrypted model weights in memory (planned)
  • Zero-knowledge to node operator (planned — requires full attestation chain)

Best for

Proprietary models, trade secrets

Proof

Cryptographic receipts

Every job produces a signed receipt — a cryptographic proof of execution, not a log entry. The signature covers node, job ID, result hash, and metering units.

Ed25519 signature from the executing node
SHA-256 hash of the signed receipt message
Core execution fields verifiable against node public key
Model, jurisdiction, and provenance carried as attached audit metadata
Monthly audit export with bundle hash

Network

Verified nodes, verified locations

The network continuously validates node identity and geography. Operators that fail verification are excluded from sovereign workloads.

VPN detection (ip-api, vpnapi.io, timezone mismatch)
Latency triangulation for geo-sovereignty enforcement
Hardware fingerprinting prevents Sybil attacks
Auto-update with Ed25519 signature verification
Cherry-pick cooldown (3 failures → 5 min block)

Financial

Financial protection

Layered controls protect both buyers and operators from fraud, chargebacks, and abuse — enforced at every payment stage.

T+24h earning clearing period
$50/day payout cap per node
Spending velocity limits ($5/hour for new accounts)
Stripe webhook idempotency
Chargeback auto-freeze
Anomaly detection on large payouts

Guardrails

Built-in safety filters

Configurable guardrails before and after inference. Catch PII leaks, prompt injection, and unsafe content without building your own pipeline.

PII detection — flag or redact personal data in prompts and responses
Prompt injection defense — block adversarial prompts
Content safety — configurable severity thresholds
All events logged to audit trail with full context

Compliance

EU AI Act — Article 14 audit trails

Article 14 requires human oversight and full audit trails for high-risk AI systems. Every inference, guardrail event, and agent action on Ryvion is logged with cryptographic proof.

Full audit trail

Every request, response, guardrail event, and receipt recorded

Exportable logs

Download for regulatory review and compliance documentation

Jurisdiction proof

Cryptographic proof of where execution physically occurred

Guardrail logging

Full request context for incident review and reporting

Agent action trail

Every decision and memory operation recorded

Get started

Start building

Create an account and send your first request in under a minute. Free tier included.

Start building View docs