Skip to main content

Documentation Index

Fetch the complete documentation index at: https://help.rytz.com.au/llms.txt

Use this file to discover all available pages before exploring further.

Family-law matter data is some of the most sensitive data a person will store anywhere. This page covers the security practices RYTZ recommends for accounts holding active matter data — what the platform offers, what to enable, and what to do if you suspect compromise.

Two-factor authentication (2FA)

Strongly recommended for every active matter. 2FA prevents someone with your password alone from accessing your account.

Enabling 2FA

1

Open Settings → Security

From the user menu (top-right) → Settings → Security.
2

Choose your 2FA method

Two options:
  • Authenticator app (recommended) — Google Authenticator, Authy, 1Password, Bitwarden. Standard TOTP. Most secure.
  • SMS — code sent to a registered phone number. Less secure than authenticator app; use only if authenticator app isn’t an option.
3

Scan the QR code (authenticator)

For authenticator-app 2FA, the platform shows a QR code. Scan with your chosen app. The app generates a 6-digit code that rotates every 30 seconds.Save the recovery codes shown alongside the QR code somewhere safe (password manager, printed and stored offline). These are your backup if you lose access to the authenticator device.
4

Verify with the first code

Enter the current 6-digit code from your authenticator app. The platform confirms 2FA is active.

What 2FA does

Once enabled, every sign-in (after password) requires a second factor:
  • Authenticator app: enter the current 6-digit code
  • SMS: enter the 6-digit code sent to your phone
A successful sign-in on a device gives that device a session of up to 30 days. Within that window, 2FA isn’t re-prompted.

Recovery if 2FA device is lost

If you lose the device with your authenticator app:
  1. Use one of the recovery codes (saved when you set up 2FA) to sign in
  2. Disable 2FA on the recovered account
  3. Re-enable 2FA on a new device
If you don’t have recovery codes and can’t access the registered phone (for SMS 2FA), contact tech@rytz.com.au for manual recovery. The platform requires identity verification for manual recovery — be prepared to confirm your identity through your registered email + additional information.

Family-violence safe-exit

For users with FV disclosed in their case file, the platform offers safe-exit — a one-click feature that closes the platform and clears the browsing trail for the current session.

Enabling safe-exit

Safe-exit is enabled by default for FV-disclosed users. To enable manually (if you want it as a precaution without FV disclosure):
1

Open Settings → Security → Safe-exit

Look for the Safe-exit toggle.
2

Toggle on

The Safe-exit button appears top-right of every screen.
3

Configure exit destination

What page do you want safe-exit to take you to? Default is google.com (innocuous and broadly searched). You can customise to bbc.com, weather.com, or any other innocuous destination.

What safe-exit does

When you click the Safe-exit button:
  1. Sign out of RYTZ immediately
  2. Replace the current browser tab with the configured destination
  3. Trigger the browser’s “back button doesn’t return to RYTZ” pattern (best-effort; depends on browser)
  4. Optionally clear browser history for the session (where supported)
Safe-exit is best-effort, not perfect. Browser histories, network logs, and device-level monitoring can still reveal that RYTZ was visited. Safe-exit is designed for casual-monitoring scenarios (a partner glancing at the device), not for sophisticated surveillance. If you have reason to believe you’re under sophisticated monitoring, consult a family-violence specialist about device safety in addition to using safe-exit.

Session management

The Settings → Security page shows every active session — the device, browser, IP address, and last-activity time for each.

What to do with sessions

  • Sign out a specific session — for a device you no longer use (sold laptop, replaced phone)
  • Sign out everywhere — for situations where you suspect compromise
  • Sign out all except current — single-click to retain only the device you’re on
The “Sign out everywhere” button is particularly useful in compromise scenarios: even if someone has access to a session token from another device, signing out everywhere terminates that session.

Strong-password practices

If using email + password sign-in:

Use a password manager

1Password, Bitwarden, LastPass, or your browser’s built-in. Generate a unique strong password for RYTZ. Don’t reuse a password from another service.

Length matters more than complexity

A 16-character random password is far stronger than an 8-character one with special characters. Modern password-cracking tools handle complexity easily; length is the harder problem.

Don't share your password

Even with someone who ‘helps’ with the matter (a family member, a friend). Sharing access compromises 2FA’s value. If genuine multi-user access is needed, contact support for guidance.

Rotate after suspected compromise

If you suspect the password has been seen by anyone (over your shoulder, on a shared device), change it immediately.

What if I suspect my account was accessed?

Three immediate actions:
1

Sign out everywhere

From Settings → Security. Terminates every active session including any unauthorised one.
2

Change your password

Set a new strong password (use a password manager).
3

Re-enable 2FA on a new device if needed

If 2FA was previously enabled but you suspect the second-factor device is compromised, disable + re-enable 2FA on a fresh device.
Then contact tech@rytz.com.au with a description of what makes you suspect access. The platform’s logs can confirm whether unauthorised access occurred and produce a forensic summary if needed for your matter.

What the platform does at the infrastructure level

A high-level summary of what runs underneath:
  • Encryption at rest — AES-256 encryption for all stored data including evidence uploads, drafts, conversation history
  • Encryption in transit — TLS 1.3 for all client-server communication
  • Australian-jurisdiction storage — data centres in Australia for AU-located accounts
  • Daily backups — encrypted, retained per the platform’s data-retention policy
  • Security audits — independent annual penetration testing, results summarised in Privacy and data
  • Incident-response policy — formal notification procedures if a breach affects user data
For deeper detail, the platform’s public Security & Trust page is at /security (or /trust as alias).

Pre-shared sensitive data — what to do

Some users sign up after sharing sensitive data with a previous platform (a generic AI chatbot, a Google Doc, an email thread). If that’s you:
  • Audit what’s been shared elsewhere. Do you have data on a previous platform that should now be deleted?
  • Migrate substantively. Treat RYTZ as the new home for the matter; consolidate evidence here, archive elsewhere.
  • Don’t paste highly sensitive content into AI chats outside this platform. Other AI chats may use your inputs in ways that don’t fit your matter’s privacy needs.

What’s next

Settings

The full settings hub including Security.

Privacy and data

What data the platform stores and how it’s protected.

Signing in

Sign-in methods and 2FA recovery.

Limits and safety (AI)

Family-violence safety overlay applied to AI interactions.