Compliant Multi-Tenant AI Integration Gateway

Zero-Leakage AI.
Enterprise
Grade.

RGX sits between your corporate data and every LLM call — scrubbing PII, PHI, and financial identifiers in real-time before they reach any model. Complete tenant isolation at the data layer. Immutable audit trail on every request. One API. Three guarantees.

<50ms
Scrub Latency
100%
Tenant Isolation
5
Regulated Industries
Audit Log Retention
REAL-TIME PHI SCRUBBING IMMUTABLE TENANT ISOLATION OIDC / SAML ENTERPRISE SSO ZERO RAW DATA TO LLMs HIPAA BAA AVAILABLE FINANCE AUDIT TRAIL LEGAL OUTPUT VALIDATION VAR CHANNEL PROGRAM 50%+ MARGINS REAL-TIME PHI SCRUBBING IMMUTABLE TENANT ISOLATION OIDC / SAML ENTERPRISE SSO ZERO RAW DATA TO LLMs HIPAA BAA AVAILABLE FINANCE AUDIT TRAIL LEGAL OUTPUT VALIDATION VAR CHANNEL PROGRAM 50%+ MARGINS

Three Systems.
One Guarantee.

Every request passes through all three systems in sequence: scrubbed before the LLM sees it, isolated at the data layer by tenant, and logged asynchronously for compliance and billing. No shortcuts, no overrides.

01
System 01
Compliance Engine
  • Real-time PII/PHI interception before every LLM call
  • Industry-aware scrub profiles: healthcare, legal, finance, professional_services
  • Numbered token replacement — {{REDACTED_PHI_1}}
  • Compliance event log written on every redaction
  • Zero raw identifiers stored or forwarded to any model
→  POST /api/v1/process
02
System 02
Tenant Isolation Architecture
  • Each client is a fully isolated tenant node (client_ref)
  • Data-layer enforcement — not application logic or query filters
  • Cross-tenant access returns 403 at the infrastructure level
  • OIDC/SAML seat verification: Okta, Azure AD, ADFS
  • Immutable per-request audit trail, permanent retention
→  POST /api/v1/clients
03
System 03
Seat Metering Ledger
  • Non-blocking async ledger — zero latency added to the request path
  • Per-seat logging: seat_id, tenant, model, token count, timestamp
  • VAR billing export endpoint — pull anytime, build your own invoices
  • Active seat detection — only seats that made requests are billed
  • Powers your invoicing at any per-seat price you set
→  GET /api/v1/billing/summary
Compliance Engine

Every Payload. Scrubbed.
Before the LLM Sees It.

RGX intercepts every text payload in-flight at the API gateway layer. Before any content reaches an LLM, the Compliance Engine applies the configured industry scrub profile — identifying SSNs, MRNs, EINs, DOBs, banking credentials, addresses, and insurance identifiers using pattern-matched extraction. Each identified item is replaced with a numbered, typed token ({{REDACTED_PHI_1}}, {{REDACTED_FIN_2}}). The LLM receives the sanitised payload only.

On response, a compliance event log entry is written containing the redaction count, pattern types matched, tenant ID, model used, and timestamp. This log is immutable and retained permanently. Raw PII/PHI is never written to disk, never forwarded to any external system, and never appears in any log file. The entire scrub pipeline runs in under 50ms and sits transparently in the existing /process request path.

Input — What the user submits
// Raw payload — contains PHI { "input": "Patient Jane Smith DOB 04/12/1985
          MRN-88821 complaining of chest pain"
, "config": { "industry": "healthcare" } }
LLM receives — After scrub
// Sanitised payload — PHI replaced with typed tokens { "input": "Patient {{REDACTED_PHI_1}} DOB {{REDACTED_PHI_2}}
          MRN-{{REDACTED_PHI_3}} complaining of chest pain"
} // Response envelope { "ok": true, "response": "Clinical summary: patient presents with...", "phi_redactions": 3, "compliance_event_logged": true, "industry": "healthcare" }
Industry Compliance Matrix

Five Industries.
One Config Flag.

Pass config.industry and the Compliance Engine activates the correct scrub profile automatically. No separate vendor contracts. No additional middleware to configure.

Healthcare
Medical, Dental, Behavioral Health, Home Care
HIPAA compliance layer
PHI scrubbed before every LLM call. SSNs, MRNs, DOBs, insurance IDs, and addresses redacted in-flight with numbered tokens. Compliance event logged on every request. HIPAA BAA available.
"industry": "healthcare"
Finance
Wealth Management, Banking, Lending, Accounting
Full regulatory audit trail
Every request generates a complete audit record: tenant_id, seat_id, model, token count, timestamps, and request fingerprint. All entries are immutable and mapped to the seat for regulatory reporting.
"industry": "finance"
Legal
Law Firms, In-House Counsel, Legal Aid, Court Services
Output validation + mandatory disclaimer
AI output is validated for directive and liability language before delivery. A mandatory legal disclaimer is appended to every AI response. PII is scrubbed from inputs. Output blocked if validation fails.
"industry": "legal"
Professional Services
CPA Firms, Tax Advisory, Accounting Practices
Financial identifier scrubbing + right-to-erasure
EINs, SSNs, routing numbers, account numbers, and credit card data scrubbed before every LLM call. Right-to-erasure purge endpoint included for GDPR/CCPA compliance.
"industry": "professional_services"
Real Estate
Residential, Commercial, Property Management, REITs
Standard — tenant isolation and metering active
Full tenant isolation and seat metering apply. No additional compliance scrub layer required. Integrations for email, CRM, calendar, and document management active for all property workflows.
"industry": "real_estate"
Tenant Isolation

Client A’s Data Cannot
Reach Client B. Ever.

Each client_ref is a fully isolated tenant workspace. All data, credentials, integration tokens, AI context, and usage logs are scoped to that identifier at the data layer — not via application-logic guards or query filters that could be bypassed. The isolation is structural.

Attempting to access one tenant’s data using another tenant’s client_ref returns a 403 at the infrastructure level. Sub-keys issued for a specific tenant cannot be used against any other workspace. OIDC and SAML seat verification add an additional user-identity layer per request, with seat_ids auto-provisioned on first appearance and permanently attributed in the audit trail.

Data-layer enforcement Isolation is enforced at the database query level, not application code. No filter bypass is possible.
Cross-tenant access blocked at infrastructure A sub-key scoped to tenant A returns 403 on any request targeting tenant B. No exceptions.
Encrypted credential vault per tenant OAuth tokens, API keys, and integration secrets are encrypted at rest and scoped to the tenant. Never returned in cleartext. Your application never holds a raw credential.
POST /api/v1/clients — provision a tenant workspace
curl -X POST https://rgxsystems.com/api/v1/clients \ -H "X-Api-Key: rgx_live_your_key" \ -H "Content-Type: application/json" \ -d '{ "client_ref": "sterling-law", "name": "Sterling & Associates", "email": "ops@sterlinglaw.com", "metadata": { "industry": "legal" } }' // Response { "ok": true, "client": { "client_ref": "sterling-law", "status": "active", "isolation": "enforced", "created_at": "2026-07-09T12:00:00Z" } }
POST /api/v1/clients/:ref/connect — connect an integration
curl -X POST https://rgxsystems.com/api/v1/clients/sterling-law/connect \ -H "X-Api-Key: rgx_live_your_key" \ -H "Content-Type: application/json" \ -d '{ "type": "gmail", "config": { "access_token": "ya29...", "refresh_token": "1//0g...", "email": "partner@sterlinglaw.com" } }' // Credentials encrypted and stored in the sterling-law vault only. // Not accessible from any other client_ref. Not returned in cleartext.
Seat Metering Ledger

Every Seat. Every Call.
Logged and Exportable.

The Seat Metering Ledger is a non-blocking asynchronous system. Ledger writes never sit in the critical path of the API response — the request completes first, then the ledger entry is committed in the background. This architecture guarantees metering adds zero latency to any request, regardless of volume.

Every request processed through the gateway is attributed to a seat_id, tenant, model, and timestamp. Active seats are detected automatically — a seat is counted as active only when it makes at least one request in the billing period. VARs pull a per-seat billing export at any time via GET /api/v1/billing/summary and build their own client invoices at whatever per-seat price their market supports.

GET /api/v1/billing/summary — per-seat export
curl https://rgxsystems.com/api/v1/billing/summary \ -H "X-Api-Key: rgx_live_your_key" // Response { "period": "2026-07", "active_seats": 23, "estimated_invoice_usd": "[contact for pricing]", "seats": [ { "client_ref": "sterling-law", "seat_id": "user_jane_doe", "requests_this_period": 412, "first_active": "2026-07-01T08:14:00Z" }, // ... 22 more seats ] }
Security & Compliance Surface

Built for the
CISO’s Checklist.

Every document, certification, and architecture control a security review team will ask for. Available now, not after a sales cycle.

Security Architecture
Immutable Compliance Event Log Every redaction event is written to an append-only log. Entries cannot be modified or deleted. Permanent retention. Exportable on demand for audit purposes.
Zero Raw PII Stored Raw PII/PHI is never written to disk, log files, or any external system. Only numbered token references and redaction counts are retained.
OIDC / SAML Enterprise SSO Native integration with Okta, Azure AD, ADFS, and Google. Seat identity verified on every request. No custom auth required.
Offline License Verification (Dedicated) Dedicated VPC instances verify licenses via RS256 offline JWT. No outbound network call required. Air-gapped deployments fully supported.

Start with
Zero Risk.

Free sandbox — 500 requests, live API key in 2 minutes. No approval required. Production node when you’re ready.

Request a Production Node Read the API Docs

Free sandbox · No credit card · Production node in minutes