Security

Security is not an
afterthought

We've built security into every layer of Rax AI. Your data protection and privacy are our top priorities.

Contact Security Team View Practices

99.9%

Uptime SLA

3 Regions

Data Centers

24/7

Security Team

<1 hour

Response Time

Core Principles

Security pillars

Our security approach is built on four foundational pillars that protect your data at every level.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed and never stored in plain text.

Authentication

Secure API key authentication with scoped permissions. Support for OAuth 2.0 and SSO for enterprise accounts.

Infrastructure

Hosted on SOC 2 compliant infrastructure with automated security patching and 24/7 monitoring.

Privacy

Your data is never used to train models. We follow data minimization principles and GDPR compliance.

Data Handling

How we handle your data

Transparency in data handling is fundamental to building trust. Here's exactly what happens with your data.

Data Processing

API requests are processed in real-time and not stored permanently
Request logs retained for 30 days for debugging (can be disabled)
No training on customer data - ever
Data processing in your selected region

Data Retention

Usage analytics stored for billing purposes
API logs automatically purged after retention period
Account deletion removes all associated data
Export your data anytime via dashboard

Data Protection

End-to-end encryption for all API communications
Encrypted database backups with 7-day retention
Regular security audits and penetration testing
Incident response team on standby 24/7

Important: We Never Train on Your Data

Your API requests and responses are never used to train, fine-tune, or improve our AI models. Your data remains yours, always. This commitment is contractually guaranteed for all customers.

Features

Security features

Built-in security features to help you maintain control and visibility.

API Key Management

Create multiple API keys with granular permissions. Rotate keys without downtime.

Scoped permissionsKey rotationUsage limitsIP allowlists

Access Control

Role-based access control for team members with detailed audit logs.

Role-based accessTeam managementAudit logsSession management

Rate Limiting

Intelligent rate limiting to protect against abuse and ensure fair usage.

Per-key limitsBurst protectionAutomatic scalingCustom limits

Monitoring & Alerts

Real-time monitoring with instant alerts for suspicious activity.

Usage anomaliesFailed auth alertsThreshold alertsSlack/webhook integration

Compliance

Certifications & compliance

We're committed to meeting the highest industry standards for security and privacy.

SOC 2 Type II

In Progress

Security, availability, and confidentiality controls

GDPR

Compliant

EU General Data Protection Regulation

CCPA

Compliant

California Consumer Privacy Act

HIPAA

Roadmap

Health Insurance Portability and Accountability

Responsible Disclosure

Found a vulnerability?

We take security vulnerabilities seriously. If you've discovered a security issue, we encourage you to report it to us responsibly.

Report via email to [email protected]
We respond within 24 hours
We appreciate responsible disclosure
Bug bounty program coming soon

Report a Vulnerability

What to include in your report

1Description of the vulnerability and its potential impact
2Steps to reproduce the issue
3Any proof-of-concept code or screenshots
4Your contact information for follow-up

Questions about security?

Our security team is happy to answer questions, provide documentation, or help with compliance requirements.

Contact Security Team View Documentation

Security

Security is not an
afterthought

We've built security into every layer of Rax AI. Your data protection and privacy are our top priorities.

Contact Security Team View Practices

99.9%

Uptime SLA

3 Regions

Data Centers

24/7

Security Team

<1 hour

Response Time

Core Principles

Security pillars

Our security approach is built on four foundational pillars that protect your data at every level.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed and never stored in plain text.

Authentication

Secure API key authentication with scoped permissions. Support for OAuth 2.0 and SSO for enterprise accounts.

Infrastructure

Hosted on SOC 2 compliant infrastructure with automated security patching and 24/7 monitoring.

Privacy

Your data is never used to train models. We follow data minimization principles and GDPR compliance.

Data Handling

How we handle your data

Transparency in data handling is fundamental to building trust. Here's exactly what happens with your data.

Data Processing

API requests are processed in real-time and not stored permanently
Request logs retained for 30 days for debugging (can be disabled)
No training on customer data - ever
Data processing in your selected region

Data Retention

Usage analytics stored for billing purposes
API logs automatically purged after retention period
Account deletion removes all associated data
Export your data anytime via dashboard

Data Protection

End-to-end encryption for all API communications
Encrypted database backups with 7-day retention
Regular security audits and penetration testing
Incident response team on standby 24/7

Important: We Never Train on Your Data

Your API requests and responses are never used to train, fine-tune, or improve our AI models. Your data remains yours, always. This commitment is contractually guaranteed for all customers.

Features

Security features

Built-in security features to help you maintain control and visibility.

API Key Management

Create multiple API keys with granular permissions. Rotate keys without downtime.

Scoped permissionsKey rotationUsage limitsIP allowlists

Access Control

Role-based access control for team members with detailed audit logs.

Role-based accessTeam managementAudit logsSession management

Rate Limiting

Intelligent rate limiting to protect against abuse and ensure fair usage.

Per-key limitsBurst protectionAutomatic scalingCustom limits

Monitoring & Alerts

Real-time monitoring with instant alerts for suspicious activity.

Usage anomaliesFailed auth alertsThreshold alertsSlack/webhook integration

Compliance

Certifications & compliance

We're committed to meeting the highest industry standards for security and privacy.

SOC 2 Type II

In Progress

Security, availability, and confidentiality controls

GDPR

Compliant

EU General Data Protection Regulation

CCPA

Compliant

California Consumer Privacy Act

HIPAA

Roadmap

Health Insurance Portability and Accountability

Responsible Disclosure

Found a vulnerability?

We take security vulnerabilities seriously. If you've discovered a security issue, we encourage you to report it to us responsibly.

Report via email to [email protected]
We respond within 24 hours
We appreciate responsible disclosure
Bug bounty program coming soon

Report a Vulnerability

What to include in your report

1Description of the vulnerability and its potential impact
2Steps to reproduce the issue
3Any proof-of-concept code or screenshots
4Your contact information for follow-up

Questions about security?

Our security team is happy to answer questions, provide documentation, or help with compliance requirements.

Contact Security Team View Documentation

Security is not anafterthought

Security pillars

Encryption

Authentication

Infrastructure

Privacy

How we handle your data

Data Processing

Data Retention

Data Protection

Important: We Never Train on Your Data

Security features

API Key Management

Access Control

Rate Limiting

Monitoring & Alerts

Certifications & compliance

SOC 2 Type II

GDPR

CCPA

HIPAA

Found a vulnerability?

What to include in your report

Questions about security?

Security is not anafterthought

Security pillars

Encryption

Authentication

Infrastructure

Privacy

How we handle your data

Data Processing

Data Retention

Data Protection

Important: We Never Train on Your Data

Security features

API Key Management

Access Control

Rate Limiting

Monitoring & Alerts

Certifications & compliance

SOC 2 Type II

GDPR

CCPA

HIPAA

Found a vulnerability?

What to include in your report

Questions about security?

Security is not an
afterthought

Security is not an
afterthought