Security & trust at Ruxii
We take a defense-in-depth approach to protecting customer data, availability, and privacy. This page summarizes our current posture and near-term roadmap priorities.
Last updated: February 21, 2026
Isolation, least privilege, and baseline hardening across infrastructure, data, and endpoints.
Row-level security where applicable, scoped service roles, and access reviews help keep data constrained.
Watchgrid powers incident detection, runbooks, and notifications with clear ownership.
Resilience improvements are ongoing, including multi-region recovery planning.
Detection and triage processes are supported by Watchgrid playbooks and paging.
SOC 2 Type I/II sequencing is planned; scope and timing may change.
Security principles
- Least privilege: Every service identity, role, and human account is scoped to the minimum required access.
- Defense in depth: Layers of protection from infrastructure to application to user experience.
- Transparency: We document controls, publish incidents, and share roadmaps so stakeholders know what to expect.
What customers can expect
We secure the platform, infrastructure, and operational processes. Customers retain responsibility for user access, content, and configuration choices inside their environments. We provide guardrails, documentation, and tooling to make that easier.
Data protection
- Supabase with Row Level Security applied across core multi-tenant data paths.
- Service-role isolation with scoped JWTs and short-lived secrets.
- Encryption at rest and TLS in transit across core infrastructure.
Identity & access
- MFA is required for privileged internal access where supported.
- Time-bounded production access approvals are being standardized.
- Periodic access reviews and drift checks are part of operations.
Monitoring & response
- Watchgrid for health, incidents, and runbooks with ownership.
- Structured logging with retained audit trails for sensitive actions.
- n-of-m incident paging and follow-the-sun notification pathways.
SOC 2 Type I → II
SOC 2 Type I and Type II sequencing is planned. Scope, auditor timelines, and delivery windows may evolve as readiness work progresses.
Regional resilience
Active-active deployment patterns for Canada and US regions, with EU data residency evaluation on the roadmap. Customer-selectable storage locations will follow once validation completes.
Customer audit exports
Self-serve exports with event trails, policy attestations, and access reports so customers can feed their own compliance workflows without support tickets.
Advanced policy engine
Fine-grained rules with PII-aware triggers, automated approvals, and escalation paths mapped to Watchgrid to reduce human error.
Docs & disclosures
- Privacy Policy — how we collect, process, and retain data.
- Terms of Use — legal terms for our public site.
- Investor Overview — roadmap and trust disclosures.
- Accessibility statement (in progress) and SOC 2 report sharing via NDA once available.
Contact the trust team
Security questionnaires and deeper trust discussions are available for prospective customers and partners. Additional security artifacts may be shared under appropriate review and confidentiality terms.
Security is an ongoing commitment. We update this page as controls evolve and timelines adjust. Information on this page is provided for general transparency and does not constitute a legal, regulatory, or certification warranty.