Last updated: July 2, 2026
RGX Systems ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect about our VAR operators, how we use it, and your rights. By using our infrastructure, you agree to this policy.
RGX Systems is a wholesale B2B utility infrastructure provider. We provide API access — ingest, processing, and usage tracking endpoints — to approved Value-Added Resellers (VARs). VARs build their own products and services on top of our infrastructure and are solely responsible for their relationships with their own clients.
This policy covers data RGX Systems collects about its VAR operators. It does not govern the data VARs process on behalf of their own clients — VARs are independently responsible for their data practices and compliance obligations toward their end users.
Every API request authenticated against your VAR node is logged for billing and operational purposes:
We do not log the content of your payloads — message text, contact names, and other payload data are processed in memory and not persisted to our database unless you explicitly pass them as metadata fields.
/usage endpointWe do not sell your data. We do not use payload data for model training or third-party profiling. Your business data is yours.
Zero PHI Persistence. When the healthcare industry profile is active, Protected Health Information is scrubbed from input text in-memory before any LLM call or database write. Raw PHI is never written to our database, log files, or transmitted to any LLM provider.
When a VAR submits a request to /api/v1/process with config.industry: "healthcare":
scrubPHI() function runs entirely in RAM, identifying and replacing HIPAA identifiers (SSNs, DOBs, MRNs, Insurance IDs, NPIs, phone numbers, email addresses, and street addresses) with bracketed labels such as [SSN REDACTED]RGX Systems will execute a Business Associate Agreement with any VAR whose clients operate in the healthcare sector. Render Services, Inc. (our infrastructure provider) has executed a HIPAA BAA with RGX Systems, establishing the required chain of agreements. To request a BAA, contact legal@rgxsystems.com or visit /baa.
When config.industry: "professional_services" is set, our scrubPII() function additionally redacts EINs, SSNs, account numbers, routing numbers, and payment card numbers before any LLM call. Same zero-persistence guarantee applies.
For a full technical description of data movement through each processing stage, see the RGX Data Flow Diagram.
RGX Systems does not use VAR payload data to train machine learning models. Specifically:
/api/v1/process or /api/v1/ingest is not stored in a form that could be used for model trainingWhen you call the /process endpoint with gateway routing enabled (by providing config.industry and config.routing_profile), input data is forwarded to our LLM provider under a data processing agreement that prohibits use of submitted data for model training. For healthcare and professional services, PHI/PII is scrubbed before this forwarding occurs. If you use passthrough: true, data is logged for billing purposes and not forwarded to any LLM.
We share data only with the following trusted subprocessors necessary to operate our infrastructure. Each subprocessor operates under a data processing agreement with RGX Systems:
We do not share your data with any other third parties, advertisers, or data brokers. Our full subprocessor list is available on request at security@rgxsystems.com.
VAR audit rights for seat billing are guaranteed. VARs have the right to audit their seat-metering data at any time via API or by requesting a formal billing export. RGX Systems will not dispute a billing discrepancy without providing machine-readable evidence.
The Seat Metering Ledger (GET /api/v1/usage, GET /api/v1/billing/summary) records the following per tenant workspace:
VARs may query their seat ledger at any time:
GET /api/v1/usage?month=YYYY-MM — full seat-level breakdown for any historical month (up to 12 months)GET /api/v1/billing/summary — current month totals: active_seats, base_fee, seat_fee, estimated_totalGET /api/v1/clients/:ref/usage — per-tenant seat activity for a specific workspaceAll billing responses are returned as structured JSON and may be downloaded by VARs for independent verification. Responses include a billing_period, seat_count, per_seat_rate, and a line_items array with one entry per active seat.
If you believe your seat count is incorrect, contact billing@rgxsystems.com within 14 days of invoice with the disputed month and your independently counted seat list. RGX Systems will respond within 5 business days with a line-item billing export. If the export confirms a metering error, a credit will be applied to the following invoice. RGX Systems will not charge a disputed seat without providing log-level evidence of authenticated activity.
As a VAR operator, you have the right to:
/usage endpoint or by contacting usTo exercise any of these rights, contact us at privacy@rgxsystems.com.
Our public website uses minimal cookies necessary for session management. The VAR API does not use cookies — all authentication is via the X-Api-Key header. We do not use tracking cookies or third-party advertising cookies.
RGX Systems is a strictly business-to-business infrastructure service. We do not knowingly collect or process data from individuals under 18, and we do not provide consumer-facing products or services.
We may update this policy from time to time. We will notify VAR operators of material changes via email. Continued use of the infrastructure after changes constitutes acceptance of the updated policy.
For privacy-related questions or requests, contact us at:
Email: privacy@rgxsystems.com
Website: rgxsystems.com