Forwardable proof artifacts and architecture details for IT, security review, and firm leadership.
What runs inside the confidential enclave, what's exposed, and how retrieval works — without implementation-level detail.
The full Rendex stack runs in containers inside a dedicated Azure confidential VM provisioned for your firm. The VM is sealed by AMD SEV-SNP memory encryption and backed by an NVIDIA H100 TEE.
A TLS reverse proxy handles all inbound traffic. All other services are inside the confidential VM's private network and not reachable from your LAN.
Vector search + full-text search + reranking, with ACL filtering applied before context assembly. Users only see documents they have access to.
Page-level citations on every answer. Exportable audit logs for every query. Both are available for your team to inspect during the evaluation.
| Component | Specification |
|---|---|
| Instance | Azure NCCadsH100v5 (Confidential Computing) |
| CPU | AMD EPYC with SEV-SNP memory encryption |
| GPU | NVIDIA H100 80 GB HBM3 with TEE attestation |
| Memory | Hardware-encrypted (SEV-SNP sealed) |
| Storage | Encrypted managed disks |
| OS | Ubuntu 24.04 LTS confidential VM image |
| Region | Customer-selected (US, EU, or CA) |
| Attestation | AMD SEV-SNP quote + NVIDIA H100 TEE report on demand |
ACL filtering is applied at the Retrieve step, before any document context is assembled or sent to the language model. Users cannot retrieve documents outside their authorized matters.
Inbound: Ports 80 (redirect) and 443 (HTTPS) only. All other services communicate on an internal-only container network.
Outbound: No outbound egress required after initial setup. Verifiable via the Enclave Attestation Kit and Azure NSG flow logs.
Internal port assignments are documented in the Technical Appendix.
Documents your team can forward to IT, security, and firm leadership. Evaluation deliverables are generated from your environment.
User A vs User B access tests + canary phrase checks. Demonstrates fail-closed enforcement.
Verified page-level citations across 30–100 queries. Tracks incorrect/ambiguous cites and refusals.
AMD SEV-SNP attestation quote + NVIDIA H100 TEE report proving your enclave is hardware-sealed.
CSV/JSON export examples: query → sources/pages → response metadata, filterable by date/matter/user.
Same-day provisioning with minimal disruption and clear operational ownership.
Pre-configured confidential VM. We provision the enclave; your IT runs the smoke test and confirms all services are healthy. No hardware to ship. Typical setup: same day.
A fresh AMD SEV-SNP attestation quote and NVIDIA H100 TEE report are generated on every boot. All container images and model weights are sealed inside the enclave. No internet required for core workflows after initial setup.
All services are configured to start automatically when the VM reboots. Attestation is re-verified on every boot. No manual intervention required after a restart.
Built-in health endpoints for GPU utilization, disk usage, memory, and service latency. Your monitoring stack can poll standard HTTP health checks.
Updates are versioned container images applied via secure channel. Rollback to the previous version is documented and tested. No forced migrations.
Rendex is model-agnostic. Deployments use only customer-approved models, with a license and provenance summary for each.
| Tier | Policy | Examples |
|---|---|---|
| Approved | Commercial-permitted + customer-approved | GPT-OSS (default) |
| Optional | Supported on request; subject to policy + license review | Alternative open-weight models |
| Not allowed | Non-commercial or restricted licenses for paid deployments | Any “research-only” weights |
Summary of controls relevant to security review.
All client traffic encrypted via HTTPS (TLS 1.3). Self-signed certificate replaceable with your CA. Same-origin policy enforced on the web UI.
Document access is filtered at the retrieval layer before context assembly. Users cannot retrieve documents outside their authorized matters, even with direct queries.
Every query, login, and document action logged to an append-only table. Exportable as CSV for compliance review. The database rejects UPDATE and DELETE operations on audit records.
Memory encrypted by AMD SEV-SNP. GPU sealed by the NVIDIA H100 TEE. No outbound egress after setup. No telemetry, no license checks, no phone-home. All four layers verifiable via Azure Attestation Service reports.
OpenID Connect with JWKS signature validation. Your firm's MFA, Conditional Access, and device compliance policies apply automatically.
Configurable rate limits on all API routes. Protects against abuse and ensures fair resource allocation across users.
Send us your security questionnaire and we return it completed within two business days. No NDA required for the initial packet.
Built around SOC 2 control objectives: access control, audit logging, encryption, change management. Not yet independently audited — we provide verification steps so your team can assess directly.
Concrete metrics your team can measure during the evaluation — not vendor promises.
| Service | Role | Internal only |
|---|---|---|
| Nginx | TLS reverse proxy, rate limiting | Ports 80/443 exposed |
| Chat UI (Node.js) | Web interface + API server | Yes |
| GPU Inference Engine | LLM + embedding inference | Yes |
| Qdrant | Vector database | Yes |
| OpenSearch | Full-text / BM25 search | Yes |
| PostgreSQL | Auth, audit, metadata | Yes |
| Valkey | Session cache | Yes |
| Tika | Document parsing + OCR | Yes |
| Vision LM | Machine vision OCR for scanned PDFs | Yes |
| Service | Internal port | Protocol |
|---|---|---|
| Chat UI | 3000 | HTTP |
| GPU Inference | 11434 | HTTP |
| Qdrant | 6333 / 6334 | HTTP / gRPC |
| OpenSearch | 9200 | HTTP |
| PostgreSQL | 5432 | TCP |
| Valkey | 6379 | TCP |
| Tika | 9998 | HTTP |
All ports above are bound to the internal Docker bridge network. Only 80/443 are reachable from the host network.
| Parameter | Value |
|---|---|
| Chunking strategy | Recursive, ~512 tokens with overlap |
| Embedding model | Configurable (default: bundled inside the enclave) |
| Vector top-k | 20 (configurable) |
| BM25 top-k | 20 (configurable) |
| Reranker | Cross-encoder, top-5 after rerank |
| ACL filtering | Applied at retrieval, before context assembly |
| Citation method | Page-level, linked to source document viewer |
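
A minimal sketch of the retrieval order in the table above (ACL filter first, then vector and BM25 candidates, then rerank), with the User A vs User B canary check as a function. This is an added example, not Rendex code: the `Chunk` shape, the matter labels, the canary phrase and the toy scorers standing in for the embedding model, BM25 and the cross-encoder are all assumptions.

```python
from dataclasses import dataclass

VECTOR_TOP_K, BM25_TOP_K, RERANK_TOP_N = 20, 20, 5  # defaults from the parameter table

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    page: int
    matter: str  # assumed ACL label: one matter per chunk
    text: str

def authorized(chunk, user_matters):
    """Fail closed: a missing ACL on either side never grants access."""
    return bool(user_matters) and bool(chunk.matter) and chunk.matter in user_matters

def term_score(query, text):
    """Toy stand-in for BM25: count of shared lowercase terms."""
    return len(set(query.lower().split()) & set(text.lower().split()))

def grams(s):
    return {s[i:i + 3] for i in range(len(s) - 2)}

def trigram_score(query, text):
    """Toy stand-in for vector similarity: Jaccard over character trigrams."""
    q, t = grams(query.lower()), grams(text.lower())
    return len(q & t) / len(q | t) if q | t else 0.0

def retrieve(query, user_matters, corpus):
    """Filter by ACL before any scoring, then merge both candidate lists and rerank."""
    visible = [c for c in corpus if authorized(c, user_matters)]
    by_vec = sorted(visible, key=lambda c: trigram_score(query, c.text), reverse=True)[:VECTOR_TOP_K]
    by_bm25 = sorted(visible, key=lambda c: term_score(query, c.text), reverse=True)[:BM25_TOP_K]
    merged = list(dict.fromkeys(by_vec + by_bm25))  # dedupe, keep first-seen order
    return sorted(merged, key=lambda c: term_score(query, c.text) + trigram_score(query, c.text), reverse=True)[:RERANK_TOP_N]

def build_context(query, user_matters, corpus):
    """Only chunks that passed the ACL filter reach the prompt, each with a page citation."""
    return [f"[{c.doc_id} p.{c.page}] {c.text}" for c in retrieve(query, user_matters, corpus)]

CANARY = "zebra-quartz-7731"  # constructed canary phrase planted in matter M-100
CORPUS = [  # constructed sample corpus
    Chunk("engagement.pdf", 3, "M-100", f"Settlement floor is confidential {CANARY}"),
    Chunk("memo.pdf", 1, "M-200", "Lease renewal terms for the warehouse"),
    Chunk("orphan.pdf", 9, "", f"Unlabelled chunk that also holds {CANARY}"),
]

def canary_leaks(user_matters):
    """True if a direct query for the canary puts it into this user's context."""
    return any(CANARY in line for line in build_context(CANARY, user_matters, CORPUS))
```

Because the filter runs before scoring, an unauthorized chunk cannot displace an authorized one in the top-k lists, and a chunk with no ACL label is invisible to every user.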
| System | Status |
|---|---|
| iManage | Available now |
| NetDocuments | In development |
| SharePoint | In development |
| Drag-and-drop upload | Available now |
We respond within 2 business days. No NDA required for the initial proof pack.
Rendex is an AI-powered document retrieval system. It is not a law firm and does not provide legal advice. Nothing on this website constitutes legal advice or creates an attorney-client relationship.
Claims about privilege, confidentiality, and compliance reflect our understanding of applicable rules and guidance as of the date of publication. They are not legal conclusions and should not be relied upon as such. Consult qualified counsel for guidance specific to your firm's circumstances.
Rendex is not yet independently audited for SOC 2 or any other compliance framework. Architecture descriptions reflect the current production design and are subject to change. ROI estimates are based on internal modeling and may not reflect your firm's actual results.