Security & trust at Ruxii
We take a defense-in-depth approach to protecting customer data, availability, and privacy. This page summarizes the controls live today and what’s on the near-term roadmap.
Last updated: November 4, 2025
Isolation, least privilege, and baseline hardening across infrastructure, data, and endpoints.
Row-level security, scoped service roles, and granular access reviews keep data constrained.
Watchgrid powers incident detection, runbooks, and notifications with clear ownership.
SLO for production services with multi-region recovery in progress.
Detection to triage using Watchgrid playbooks and paging.
SOC 2 Type I audit targeted for Q2; Type II program kicks off immediately after.
Security principles
- Least privilege: Every service identity, role, and human account is scoped to the minimum required access.
- Defense in depth: Layers of protection from infrastructure to application to user experience.
- Transparency: We document controls, publish incidents, and share roadmaps so stakeholders know what to expect.
What customers can expect
We secure the platform, infrastructure, and operational processes. Customers retain responsibility for user access, content, and configuration choices inside their environments. We provide guardrails, documentation, and tooling to make that easier.
Data protection
- Supabase with Row Level Security enforced for every query.
- Service-role isolation with scoped JWTs and short-lived secrets.
- Per-tenant encryption keys for at-rest data; TLS everywhere in transit.
Identity & access
- Mandatory MFA for internal admin tools and privileged accounts.
- Just-in-time elevation for production access with automatic expiry.
- Quarterly access reviews and automated drift alerts.
Monitoring & response
- Watchgrid for health, incidents, and runbooks with ownership.
- Structured logging with immutable audit trails for sensitive actions.
- n-of-m incident paging and follow-the-sun notification pathways.
SOC 2 Type I → II
Type I readiness is underway with audit targeted for Q2. We transition into continuous monitoring and Type II evidence collection immediately after to keep controls active year-round.
Regional resilience
Active-active deployment patterns for Canada and US regions with EU data residency evaluation on the roadmap. Customer-selectable storage locations will follow once validation completes.
Customer audit exports
Self-serve exports with event trails, policy attestations, and access reports so customers can feed their own compliance workflows without support tickets.
Advanced policy engine
Fine-grained rules with PII-aware triggers, automated approvals, and escalation paths mapped to Watchgrid to reduce human error.
Docs & disclosures
- Privacy Policy — how we collect, process, and retain data.
- Terms of Use — legal terms for our public site.
- Investor Overview — roadmap and trust disclosures.
- Accessibility statement (in progress) and SOC 2 report sharing under NDA once available.
Contact the trust team
Security questionnaires, penetration test summaries, and deeper discussions are available for prospective customers and partners. Reach out and we’ll coordinate a secure document room or briefing.
Security is an ongoing commitment. We update this page as new controls ship or timelines adjust. Subscribe to Watchgrid status updates for real-time availability and incident communications.