Security & Trust

Learn how RouKey protects your data, API keys, and AI requests with enterprise-grade security.

Security First: Your data security and privacy are our top priorities. We implement industry-leading security measures to protect your information.

🔒 Data Protection

Zero Content Storage

RouKey does not store, log, or access the content of your AI requests and responses. Your conversations and data remain completely private.

Encryption Standards

  • In Transit: All data is encrypted using TLS 1.3 with perfect forward secrecy
  • At Rest: Sensitive data is encrypted using AES-256 encryption
  • API Keys: Stored using industry-standard encryption with unique salt values
  • Database: All database connections use encrypted channels

Data Minimization

  • We only collect data necessary for service operation
  • Personal information is limited to account essentials
  • Usage analytics are aggregated and anonymized
  • Automatic data purging for inactive accounts

🛡️ Infrastructure Security

Cloud Security

Vercel Platform

  • SOC 2 Type II certified
  • Global edge network
  • DDoS protection
  • Automatic security updates

Supabase Database

  • PostgreSQL with RLS policies
  • Encrypted backups
  • Network isolation
  • Regular security patches

Network Security

  • Web Application Firewall (WAF) protection
  • Rate limiting and abuse prevention
  • IP allowlisting for enterprise customers
  • Continuous monitoring for threats
  • Automated incident response

🔑 API Key Security

⚠️ Your Keys, Your Control

You maintain full control over your AI provider API keys. RouKey encrypts and securely stores them, but you can revoke or rotate them at any time.

Key Management

  • Encryption: All API keys are encrypted with unique encryption keys
  • Access Control: Keys are only accessible to your account
  • Audit Logging: All key usage is logged for security monitoring
  • Rotation Support: Easy key rotation without service interruption
  • Secure Deletion: Keys are securely wiped when deleted

Best Practices

  • Use API keys with minimal required permissions
  • Regularly rotate your API keys
  • Monitor usage patterns for anomalies
  • Never share your RouKey account credentials
  • Enable two-factor authentication when available

🔐 Authentication & Access Control

User Authentication

  • Secure email-based authentication
  • JWT tokens with short expiration times
  • Session management with automatic timeout
  • Password strength requirements
  • Account lockout protection against brute force attacks

API Security

  • X-API-Key header authentication
  • Request signing and validation
  • Rate limiting per API key
  • IP-based access restrictions (Enterprise)
  • Real-time abuse detection

📊 Security Monitoring

Continuous Monitoring

  • 24/7 security monitoring and alerting
  • Automated threat detection and response
  • Regular vulnerability assessments
  • Penetration testing by third-party security firms
  • Security incident response procedures

Audit Logging

  • Comprehensive audit trails for all actions
  • Immutable log storage
  • Real-time anomaly detection
  • Compliance reporting capabilities
  • Log retention according to industry standards

🏆 Compliance & Certifications

Privacy Compliance

  • ✅ GDPR compliant
  • ✅ CCPA compliant
  • ✅ Privacy by design
  • ✅ Data minimization

Security Standards

  • 🔒 SOC 2 Type II (via providers)
  • 🔒 ISO 27001 aligned
  • 🔒 OWASP Top 10 protection
  • 🔒 Industry best practices

Enterprise Features

  • Single Sign-On (SSO) integration
  • Advanced audit logging and reporting
  • Custom data retention policies
  • Dedicated security support
  • On-premise deployment options (coming soon)

🚨 Incident Response

Response Procedures

  • Immediate containment and assessment
  • Rapid notification to affected users
  • Transparent communication about incidents
  • Post-incident analysis and improvements
  • Coordination with law enforcement if required

Communication Channels

In case of a security incident, we will notify affected users within 72 hours through:

  • Email notifications to registered addresses
  • In-app security alerts
  • Public status page updates
  • Direct communication for enterprise customers

🔍 Security Transparency

Regular Updates

  • Quarterly security reports
  • Annual third-party security audits
  • Public disclosure of resolved vulnerabilities
  • Security roadmap and improvements

Bug Bounty Program

We welcome security researchers to help us maintain the highest security standards. Our responsible disclosure program includes:

  • Clear reporting guidelines
  • Rapid response to valid reports
  • Recognition for security researchers
  • Coordinated disclosure process

📞 Security Contact

For security-related inquiries, vulnerability reports, or urgent security matters:

PGP Key: For sensitive security communications, please use our PGP key available at roukey.online/pgp-key

Security reports will be acknowledged within 24 hours and addressed according to severity.

🔒 Security Highlights

  • • Zero content storage
  • • AES-256 encryption
  • • TLS 1.3 in transit
  • • SOC 2 Type II
  • • 24/7 monitoring

🚨 Report Security Issues

Found a security vulnerability?

security@roukey.online

🏅 Certifications

  • ✅ GDPR Compliant
  • ✅ CCPA Compliant
  • ✅ ISO 27001 Aligned
  • ✅ OWASP Protected