Zero-Leakage Security Architecture

PII NEVER REACHES
THE MODEL.

RGX intercepts every payload before it hits an LLM — scrubbing PII, PHI, and financial identifiers in real-time. Tenant data is isolated at the data layer. Every redaction is logged to an immutable compliance event trail. Every API key is SHA-256 hashed. No plaintext credentials stored. No payload content persisted. This is what zero-leakage means in practice.

For Enterprise Security Teams
CISO TECHNICAL OVERVIEW
Encryption at Rest
AES-256-GCM. All sensitive configuration data, tenant records, and API key hashes stored on encrypted PostgreSQL volumes. Managed encryption keys, not user-controlled.
Encryption in Transit
TLS 1.3 enforced on all inbound API connections and outbound LLM provider calls. HTTP connections are rejected — no plaintext path exists. Certificate pinning available for dedicated deployments.
API Key Security
SHA-256 hashed before any persistence. Plaintext key displayed once at provisioning and never stored. Authentication validates incoming key hash against stored hash. Even a full database dump cannot reveal the key. 48-character hex keys from CSPRNG source.
PII / PHI Tokenization
Automated in-memory scrubbing on every POST /api/v1/process call. Identifiers replaced with sequentially numbered tokens ({{REDACTED_PHI_1}}, {{REDACTED_FIN_2}}) before any LLM call or database write. Token map is never stored — raw values discarded immediately after the scrub pass.
Zero Raw Text Retention
Payload content (message text, PII, PHI, financial data) is processed in-memory only and is never written to our database, log files, message queues, or any external service. Central logging servers record only metadata: endpoint, timestamp, byte count, token count, status code, and redaction event counts.
Tenant Isolation
Every client_ref workspace is isolated at the database query level — not application-layer logic. A sub-key issued for Tenant A cannot access Tenant B's data. Cross-tenant access returns 403 at the infrastructure level before any query executes.
Immutable Audit Log
Every compliance event (redaction fired) writes a non-blocking entry to compliance_redaction_events: event_id, node_id, tenant_id, seat_id, industry, redaction_count, token_namespace, and created_at. This log cannot be modified or deleted by API. It is the evidence trail auditors point to.
Infrastructure
Render Services Inc. — SOC 2 Type II certified (Security, Confidentiality, Availability). HIPAA BAA executed with Render. PostgreSQL with encrypted connections. Secrets managed via environment variables — never hardcoded. Production access restricted to authorized RGX personnel with MFA enforced.
LLM Provider BAA
Anthropic, PBC operates under a Data Processing Agreement with RGX Systems that explicitly prohibits use of submitted API data for model training. LLM providers receive only tokenized (scrubbed) payloads — raw PHI or PII never reaches them.
Breach Notification
72-hour notification of any impermissible PHI use or disclosure per BAA and 45 CFR §164.410. 60-day notification for Security Incidents per HIPAA Security Rule. RGX will provide sufficient information for covered VARs to satisfy their own breach notification obligations.
Dedicated / Air-Gapped
Available for enterprises requiring data residency or VPC isolation. Docker pull or Terraform (AWS ECS Fargate, Azure AKS). Offline RS256 LICENSE_KEY JWT — no outbound RGX network calls. Full deployment reference: /deploy.
BAA → DPA → Data Flow Diagram → security@rgxsystems.com
Every VAR node is completely isolated

Each provisioned node operates in its own isolated data context. Usage events, billing aggregates, and API key data for one VAR are never accessible to another — not through the API, not through the dashboard, not even to us in normal operations. Complete data segregation is enforced at the database query level.

API keys are hashed — never stored

Your Master API Key is shown exactly once at provisioning. We immediately SHA-256 hash it before writing anything to the database — the plaintext key is never persisted. Authentication validates the incoming key hash against the stored hash. Even a full database dump cannot reveal your key.

Payload content is not persisted

Message text and payload content you transmit through /api/v1/process is processed in memory only — it is never written to our database. We log metadata only: endpoint, timestamp, byte count, token count, and redaction event count. Your clients' regulated data does not live in our storage.

AES-256-GCM at rest — TLS 1.3 in transit

All sensitive configuration data — credentials, tokens, and internal keys used to operate the infrastructure — is encrypted with AES-256-GCM before being written to disk. All data is transmitted exclusively over TLS 1.3. Your data is unreadable without the encryption key even if someone accessed the server directly.

Your payload data is never used for model training

Data transmitted through the /process endpoint is forwarded to our processing pipeline provider under a data processing agreement that prohibits use of submitted data for model training. If you use passthrough: true, data is not forwarded at all — the request is logged and stored only.

Rate limiting and abuse prevention

All API endpoints are rate-limited to prevent abuse and brute-force attacks against your node. Invalid key attempts are tracked. Nodes exhibiting anomalous usage patterns are flagged for review. Your key cannot be guessed — it is a 48-character hex string generated from a cryptographically secure random source.

Built on trusted infrastructure

Hosted on Render (SOC 2 Type II certified). Database on PostgreSQL with encrypted connections. All secrets managed via environment variables — never hardcoded. Infrastructure access restricted to authorized RGX Systems personnel only.

ENTERPRISE-GRADE COMPLIANCE
SOC 2 TYPE II

RGX runs on Render's SOC 2 Type II certified infrastructure — independently audited for Security, Confidentiality, and Availability. Audit period: October 2024 – September 2025.

GDPR COMPLIANT

Our infrastructure provider maintains a GDPR Data Processing Agreement (DPA). VAR operator data is handled in accordance with GDPR requirements. See our DPA for full details.

WHAT WE WILL NEVER DO
  • Forward raw PII, PHI, or financial identifiers to any LLM
  • Store plaintext API keys — only SHA-256 hashes
  • Persist payload content (message text, PII, PHI) to the database
  • Use payload data for model training or profiling
  • Allow cross-tenant data access — enforced at the data layer
  • Log AI response content to persistent storage
  • Access your node data without authorization
  • Contact RGX servers in dedicated/air-gapped deployments
THE SCRUB PIPELINE
🛡
Real-time PII/PHI interception

Every /process request passes through the Compliance Engine before any LLM call is made. Text is scanned for PII/PHI using industry-specific pattern sets, identifiers are replaced with numbered tokens ({{REDACTED_PHI_1}}, {{REDACTED_FIN_2}}), and the scrubbed text is what the model receives. Raw identifiers never leave your network.

📋
Immutable compliance event log

Every request that triggers a redaction fires a non-blocking write to compliance_redaction_events — permanently recording the timestamp, tenant_id, seat_id, redaction count, and pattern types matched. This log cannot be modified or deleted by API. It is the evidence trail a CISO or auditor can point to.

QUESTIONS ABOUT SECURITY?

Email us at security@rgxsystems.com — we respond to every inquiry.

Get Started Free → Read our Data Processing Agreement →