Security and privacy are the foundation of our AI runtime governance platform. Learn how we handle your data, protect your keys, and secure model integrations.
RaksHex only collects API metadata (endpoint paths, request methods, header structures, and cost telemetry). We never store raw prompt payloads or completions. Payloads are processed inside volatile memory at runtime for validation and then immediately discarded.
All metrics, settings, and metadata are stored in a secure PostgreSQL/MySQL database hosted on AWS/Render. Enterprise customers can choose custom geographic locations for data residency (including India, EU, and US).
By default, data is retained for 30 days on our Free tier and 1 year on our Pro tier. Enterprise accounts can define custom retention policies up to 7 years with automated purging.
We have a strict policy: **we never train our models or classification engines** on your API keys, prompts, metadata, or telemetry logs. Your data remains strictly yours.
All network communication between your servers, the RaksHex portal, and LLM endpoints is encrypted using TLS 1.3. Unencrypted HTTP requests are automatically rejected.
All databases and storage volumes are encrypted using military-grade AES-256-GCM. Master encryption keys are rotated periodically.
Our system architecture is designed from the ground up to support SOC 2 controls. We are currently **In Progress** for our SOC 2 Type II audit.
We run automated vulnerability scans weekly. Our next external white-box penetration test is **Based on internal benchmark methodology**.
Our scanner engine maps security vulnerabilities directly to the latest OWASP Top 10 for LLM Applications guidelines, covering prompt injection, insecure output handling, and excessive agency.
We strictly follow India's Digital Personal Data Protection Act guidelines. We support comprehensive consent logs, user data deletion requests, and local hosting in India region nodes.
We process all customer information in compliance with EU GDPR regulations. Data Processing Agreements (DPA) incorporating Standard Contractual Clauses (SCC) are available for all customers.
We value the contributions of security researchers. If you identify a security gap or vulnerability in RaksHex services, please contact our security team for coordinated disclosure.
security@rakshex.in Disclosures