Security & Privacy

Your data stays yours

Enterprise-grade security built in from day one. We never train on your data.

Encryption at rest and in transit

All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Vector embeddings and document chunks are stored in isolated, tenant-scoped environments.

SOC 2 Type II (in progress)

We implement SOC 2 controls across security, availability, and confidentiality. Our Type II audit is scheduled for completion in Q2 2026.

Role-based access control

Granular permissions at workspace, source, and document levels. Admins, editors, and viewers each have clearly defined access scopes.

No training on customer data

Your documents are used exclusively for your queries. We never use customer data to train, fine-tune, or improve shared models.

Audit logs

Enterprise plans include comprehensive audit trails for all queries, source changes, and permission modifications — exportable for compliance reviews.

Data retention controls

Configure automatic data deletion policies. Delete your workspace and all associated data at any time with full permanent removal within 30 days.

Infrastructure

Ragixy runs on Cloudflare's global network with data residency options in the US and EU. All infrastructure is managed with zero-trust principles, regular penetration testing, and automated vulnerability scanning.

Compliance

We are GDPR-ready and support Data Processing Agreements (DPA) for all paid plans. Enterprise customers can request custom compliance documentation and security questionnaires.

Report a vulnerability

If you discover a security issue, please report it to security@ragixy.com. We respond to all reports within 48 hours.