Data handling by product

What we access. What we never touch.

Rockfort Red

Red tests your LLM endpoint through its interface, the same way an external attacker would. We do not access your source code, training data, or application database. Test results and vulnerability reports are stored in your Rockfort account and deleted on request.

Rockfort Shield

Shield runs inside your VPC. Your application data does not leave your environment at any point. Rockfort does not store, process, or have visibility into the data that flows through Shield. Audit logs are stored in your own infrastructure.

Rockfort Orion

Orion monitors AI tool usage at the browser or network layer. Usage logs are stored in your Rockfort account. We do not access the content of intercepted data for any purpose other than detection and blocking.

Infrastructure

How we are built.

  • All products deploy inside your VPC
  • Data is encrypted in transit and at rest
  • Access controls are role-based across all products
  • Full audit logs available for all product interactions
  • We do not sell, share, or use your data to train models

Compliance

Where we stand on compliance.

SOC 2

Rockfort is working toward SOC 2 Type II certification. If you need documentation of our current controls for a vendor security review, reach out and we will provide what you need.

GDPR and data residency

Rockfort supports data residency requirements. If your buyer requires data to stay within a specific region, we can accommodate that in the deployment. Speak to us about your specific requirements.

Privacy Policy

Our full privacy policy is at rockfort.ai/privacy. It covers what data we collect, how it is used, and your rights as a customer.

Contact

Have a specific security or compliance question?

We respond to security inquiries within one business day. If you need documentation for a vendor review, a compliance question answered, or a specific control verified, reach out directly.