HTTPS / TLS 1.3 | AES-256 | GDPR Compliant | SOC 2 Type II
Data Encryption
- TLS 1.3 — end-to-end encryption for all data in transit
- AES-256 — encryption for data at rest
- CAD files are auto-deleted from servers after analysis
- Session-based temporary storage — no permanent retention
Infrastructure Security
- Cloud infrastructure: AWS / Supabase (SOC 2-certified platform)
- Network isolation and firewall protection
- Regular security patches and vulnerability scanning
- DDoS protection and WAF enforcement
Access Control
- Role-Based Access Control (RBAC)
- Admin multi-factor authentication (MFA)
- Per-request API token verification
- Audit logs — all administrative actions recorded
Compliance
- GDPR — European General Data Protection Regulation
- PIPA — Republic of Korea data protection compliance
- SOC 2 Type II — in certification process
- Regular third-party security assessments
Data Handling Principles
- Data minimization — only collect what the service requires
- Purpose limitation — data used only for stated purposes
- User data is never used to train AI models
- Full deletion within 30 days of a deletion request
Enterprise Security
- SSO & SAML support (Enterprise plan)
- Dedicated solver instances — data isolation
- On-premise deployment option
- Custom SLA and dedicated security contact
For security inquiries or vulnerability reports, contact security@rhxlab.com.