Security & compliance

Security is the product.

Built for enterprises that take risk seriously. SOC 2 Type II, ISO 27001 and a security team that treats every release like an audit.

Request security package Read the DPA

Compliance

Certified, audited, documented.

SOC 2 Type II

Independently audited annually against trust services criteria.

ISO 27001

Information security management system certified to international standard.

GDPR & UK GDPR

Full data subject rights, DPA available, EU-hosted option.

CCPA

California consumer privacy rights honored globally.

HIPAA

BAA available on Enterprise plans for healthcare workloads.

PCI DSS

All payments processed by Stripe — we never store card data.

Controls

How your data stays safe.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest. Field-level encryption for sensitive data.

SSO + SCIM

SAML SSO with Okta, Azure AD, Google Workspace. SCIM provisioning included on Enterprise.

Isolated tenancy

Per-tenant data isolation enforced at the database row level and in application code.

Multi-region hosting

EU and US regions available. Choose where your data lives at workspace creation.

Audit logs

Every admin action, integration call and data export is logged and exportable.

Least privilege

Production access is just-in-time, MFA-gated, and reviewed quarterly.

Responsible disclosure

Found a vulnerability? Tell us.

We acknowledge every report inside 24 hours, fix verified issues fast, and reward qualifying findings through our bug bounty program.

Email security@rexxon.ai View subprocessors

Need our full security package?

SOC 2 report, ISO certificate, pen test summary, architecture diagrams and questionnaire responses — sent on request.

Request packageTalk to sales