Every claim on this page is verifiable by your IT team. No trust required.
Rendex runs as a single Docker Compose stack inside a dedicated Azure confidential VM provisioned for your firm — sealed by AMD SEV-SNP memory encryption and backed by an NVIDIA H100 TEE. Eight containers, one network, hardware-attested isolation from the cloud operator.
Two tiers are available: Private Cloud Standard (gpt-oss-20B, shared H100) and Private Cloud Dedicated (gpt-oss-120B, dedicated H100). Every deployment includes a dedicated vision-language model for machine vision OCR of scanned documents.
TLS 1.3
Node.js
Vector search
LLM + embeddings
Auth + audit
BM25 keyword
Doc parsing
Session cache
The enclave seals all memory and model weights at the hardware level. All inference, embedding, parsing, and search happen inside the confidential VM. Not even the cloud operator can read plaintext data or model weights in memory.
Request the NVIDIA H100 attestation report and AMD SEV-SNP attestation quote for your enclave. These cryptographic proofs confirm that the VM is running the expected code inside a hardware-sealed environment and that no external party — including the cloud operator — can access memory contents.
Your files stay in your storage. The AI reads them on demand via a retrieval pipeline. Documents are never incorporated into model weights.
Remove a file and it's gone from the vector index, keyword index, and database — instantly and completely. No residual knowledge in the model.
The LLM is a pre-trained open model. Your documents are never used to update, fine-tune, or modify it.
Documents are scoped to matters. Queries respect matter boundaries. A user without access to a matter cannot retrieve its documents, even with a direct query.
Delete a document via the admin panel. Immediately query for its content — it will not appear in results. Inspect the Qdrant and OpenSearch indexes directly to confirm removal.
OpenID Connect with JWKS signature validation. Your firm's MFA, Conditional Access, and device compliance policies apply automatically.
Admin, partner, attorney, paralegal, and staff roles. Permissions enforced server-side on every request, not just at the UI layer.
Users only see documents for matters they have access to. Permissions are checked at the retrieval layer — not just the display layer.
Cross-matter queries are blocked in the retrieval engine itself. No shared accounts, no API keys exposed to end users.
Create two test users with access to different matters. Log in as each and run the same query. Results will differ based on matter access. Check the audit log to confirm both queries were logged with the correct user identity.
User identity, timestamp, query text, sources retrieved, answer generated, model used, and response time — all recorded.
User, authentication method (SSO or local), IP address, and timestamp. Failed login attempts are also recorded.
Upload, access, deletion, and permission changes. Full chain of custody for every document in the system.
Audit log is stored in PostgreSQL as an append-only table. Exportable as CSV for compliance review or incident response. The system rejects modification attempts. Clause table runs and guided workflow executions are also logged with user identity, matter context, sources, and timing.
Run a query, then export the audit log. Confirm the query appears with the correct user, timestamp, and sources. Attempt to modify an audit entry via the admin panel — the system will not allow it.
All client-to-server communication encrypted via HTTPS through Nginx. Self-signed certificate generated at install, replaceable with your own CA certificate.
All inter-container traffic stays on an internal Docker network. PostgreSQL, Qdrant, and all inference services are not exposed to the host network.
Only two ports exposed: HTTPS (443) and HTTP redirect (80). All other services communicate exclusively on the internal Docker bridge network.
No analytics, no usage tracking, no license checks, no auto-updates. Updates are versioned container images applied on your schedule by your IT team.
Inspect the Nginx configuration. Run nmap against the Rendex host — only ports 80 and 443 will respond. Monitor DNS queries from the host — none will originate from Rendex services.
Architecture built around SOC 2 control objectives: access control, audit logging, encryption, and change management. Not yet independently audited — we are transparent about that.
Hardware-attested confidential compute — where not even the cloud operator can read plaintext inside the enclave — is designed to support compliance with the duty of confidentiality and the ABA's guidance on generative AI use.
Supports GDPR and PIPEDA data sovereignty requirements by running in a customer-selected Azure region inside a confidential enclave sealed by AMD SEV-SNP and NVIDIA H100 TEE. No data processed by third parties — not even the cloud operator can access plaintext data in the enclave.
Rendex is aligned with these frameworks but has not completed independent third-party audit. We provide documentation and verification steps so your team can assess compliance directly.
Architecture diagram, data flow documentation, encryption details, and access control summary. No NDA required.
Send us your security questionnaire and we'll return it completed within two business days.
We work with your security team, not the other way around. We'll join calls with your CISO, complete vendor assessments, and provide whatever documentation your review requires.
Full dependency inventory (SBOM) for every container in the stack. Know exactly what's running inside your enclave.
Every Docker image is versioned and tagged. Base images, build layers, and dependency sources are documented so your team can audit the full supply chain.
Updates are versioned Docker images pulled on your schedule by your IT team. No auto-updates, no forced migrations. You control when and how updates are applied.
Dedicated security contact for vulnerability reports. We follow coordinated disclosure practices and notify affected customers within 24 hours of confirmed issues.
Automated scanning of all dependencies for known CVEs. Critical vulnerabilities are patched and released within 48 hours of disclosure.
Backup procedures for PostgreSQL, Qdrant vector indexes, OpenSearch indexes, and system configuration. Your IT team owns the backup schedule and retention policy.
Recovery time and recovery point objectives documented for each component. Restore procedures tested and included in the deployment guide.
Run a backup using the provided scripts. Restore to a test environment and confirm all indexes, configuration, and audit history are intact.
Every claim above can be independently verified by your IT team during the evaluation. Here's the checklist:
We respond within 2 business days. No NDA required for the security packet.
Request Security Packet Book a Demo