We built RGX Systems with security and privacy as the foundation — not an afterthought. Here's exactly how we protect your business.
Every customer workspace is completely isolated. Your emails, deals, calendar, and conversations are scoped to your company only. No other RGX customer can ever see your data — not even us.
All OAuth tokens (Gmail, Outlook, Google Calendar) are encrypted with AES-256-GCM before being written to disk. Passwords are salted and hashed. IMAP credentials are encrypted. Your data is unreadable without the encryption key — even if someone got access to the server.
All traffic runs over HTTPS/TLS. Your data is encrypted from your browser to our servers on every request. We never transmit credentials or tokens in plain text.
Your emails, meetings, deals, and conversations are never used to train AI models — not ours, not Anthropic's. Your data is used only to answer your questions, in real time, and then it's gone from the AI's context.
We use industry-standard OAuth 2.0 to connect Gmail, Outlook, and Google Calendar. You authorize the connection — and you can revoke it at any time from your Google or Microsoft account settings. We never store your email password.
Sessions use cryptographically random tokens stored as SHA-256 hashes. Session cookies are httpOnly (JavaScript can't read them) and are scoped to your domain. Sessions expire and can be revoked.
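The session scheme described above, as an added Python example that is not RGX's own code: the raw token exists only in the cookie, while the server keeps its SHA-256 digest, so a copied sessions table cannot be replayed as cookies. The `SessionStore` class, the one-hour lifetime, and the `Secure` and `SameSite` cookie attributes are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL_SECONDS = 3600  # assumed lifetime; the page does not state one


class SessionStore:
    """In-memory stand-in (hypothetical) for a sessions table keyed by SHA-256(token)."""

    def __init__(self, now=time.time):
        self._rows = {}  # token digest -> (user_id, expires_at)
        self._now = now

    @staticmethod
    def _digest(token: str) -> str:
        # UTF-8 so a malformed, non-ASCII cookie value hashes instead of raising.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._now() + SESSION_TTL_SECONDS
        self._rows[self._digest(token)] = (user_id, expires_at)
        return token  # sent to the browser only; never stored server-side

    def lookup(self, token: str):
        digest = self._digest(token)
        row = self._rows.get(digest)
        if row is None:
            return None
        user_id, expires_at = row
        if self._now() >= expires_at:  # expired: drop the row and reject
            del self._rows[digest]
            return None
        return user_id

    def revoke(self, token: str) -> None:
        self._rows.pop(self._digest(token), None)

    def stored_values(self):
        """What someone reading the table would see: digests, not tokens."""
        return list(self._rows)


def cookie_header(token: str) -> str:
    # HttpOnly is from the page; Secure and SameSite are assumed here.
    # Omitting the Domain attribute keeps the cookie scoped to the issuing host.
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

Presenting a stored digest as a cookie value fails because the server hashes whatever it receives before looking it up.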
Hosted on Render (SOC 2 Type II certified). Database on PostgreSQL with encrypted connections. All secrets managed via environment variables — never hardcoded.
RGX runs on Render's SOC 2 Type II certified infrastructure — independently audited for Security, Confidentiality, and Availability. Audit period: October 2024 – September 2025.
Our infrastructure provider maintains a GDPR Data Processing Agreement (DPA). Your data is handled in accordance with GDPR requirements for lawful processing and data protection.
Email us at security@rgxsystems.com — we respond to every inquiry.