Data handling
Rinox processes the data you provide to generate integration code: your account email, the use-case prompt you submit, the source and destination platforms you select, and any API documentation you upload for review. We do not collect customer data from the platforms you integrate.
Code retention
Generated code and the prompts used to produce it are retained for up to 30 days for support, abuse-prevention, and quality-improvement purposes. After 30 days, generation records are deleted from production systems.
Encryption
Data is encrypted in transit using TLS 1.2 or newer, and at rest on the managed services we depend on.
Sub-processors
We rely on a small set of sub-processors to deliver the service.
Supabase
Authentication, application database, and object storage.
Vercel
Application hosting, edge network, and TLS termination.
AI model providers
Generation of integration code from your use-case prompt.
Specific vendor names within each category are deliberately abstracted; the current list and material changes are available on request to enterprise customers.
Access controls
Production access is limited to named operators on the smallest set required for the role, with multi-factor authentication required on every privileged surface. Row-level security is enabled on the application database; service-role access is constrained to server-side workloads.
SOC 2
SOC 2 readiness is in progress. Customers under NDA can request the in-progress controls matrix and our completed vendor assessments by emailing the security contact below.
Security contact
Reach the security team at security@rinox.io. Vulnerability reports are reviewed within two business days.