RGX sits between your corporate data and every LLM call — scrubbing PII, PHI, and financial identifiers in real-time before they reach any model. Complete tenant isolation at the data layer. Immutable audit trail on every request. One API. Three guarantees.
Every request passes through all three systems in sequence: scrubbed before the LLM sees it, isolated at the data layer by tenant, and logged asynchronously for compliance and billing. No shortcuts, no overrides.
{{REDACTED_PHI_1}}client_ref)RGX intercepts every text payload in-flight at the API gateway layer. Before any content reaches an LLM, the Compliance Engine applies the configured industry scrub profile — identifying SSNs, MRNs, EINs, DOBs, banking credentials, addresses, and insurance identifiers using pattern-matched extraction. Each identified item is replaced with a numbered, typed token ({{REDACTED_PHI_1}}, {{REDACTED_FIN_2}}). The LLM receives the sanitised payload only.
On response, a compliance event log entry is written containing the redaction count, pattern types matched, tenant ID, model used, and timestamp. This log is immutable and retained permanently. Raw PII/PHI is never written to disk, never forwarded to any external system, and never appears in any log file. The entire scrub pipeline runs in under 50ms and sits transparently in the existing /process request path.
Pass config.industry and the Compliance Engine activates the correct scrub profile automatically. No separate vendor contracts. No additional middleware to configure.
"industry": "healthcare"
"industry": "finance"
"industry": "legal"
"industry": "professional_services"
"industry": "real_estate"
Each client_ref is a fully isolated tenant workspace. All data, credentials, integration tokens, AI context, and usage logs are scoped to that identifier at the data layer — not via application-logic guards or query filters that could be bypassed. The isolation is structural.
Attempting to access one tenant’s data using another tenant’s client_ref returns a 403 at the infrastructure level. Sub-keys issued for a specific tenant cannot be used against any other workspace. OIDC and SAML seat verification add an additional user-identity layer per request, with seat_ids auto-provisioned on first appearance and permanently attributed in the audit trail.
The Seat Metering Ledger is a non-blocking asynchronous system. Ledger writes never sit in the critical path of the API response — the request completes first, then the ledger entry is committed in the background. This architecture guarantees metering adds zero latency to any request, regardless of volume.
Every request processed through the gateway is attributed to a seat_id, tenant, model, and timestamp. Active seats are detected automatically — a seat is counted as active only when it makes at least one request in the billing period. VARs pull a per-seat billing export at any time via GET /api/v1/billing/summary and build their own client invoices at whatever per-seat price their market supports.
Every document, certification, and architecture control a security review team will ask for. Available now, not after a sales cycle.
Free sandbox — 500 requests, live API key in 2 minutes. No approval required. Production node when you’re ready.
Free sandbox · No credit card · Production node in minutes