Sub-processors security@krux.bio Sign up

Security & trust

Built for highly regulated industries.
Stated plainly, backed by the code.

Drafted claims trace to a source span. Vault activity is hash-chained and exports are independently verifiable. This page is our full posture: what is live today, what is in progress, and what is not yet built. We do not list a control we cannot show.

Security overview Request DPA Report a vulnerability

Section 1

What we will and will not do.

The plainest statement of scope a regulated-industry product can publish. Five lines on each side, no fine print.

We will

Isolate every org's data with Postgres Row-Level Security at the database layer
Encrypt your data in transit (TLS) and at rest on our infrastructure providers
Run drafted claims through the citation, off-label, and PHI guardrails that are live
Give you an Ed25519-signed, independently verifiable audit export per Vault
Give 30 days notice before any sub-processor change takes effect

We do not

Train any model on your data
Share your prompts, documents, or outputs across tenants
Send your text to any provider other than Anthropic and Voyage
Generate medical claims about your products or competitors
Predict trial outcomes or write MLR-final copy

Section 2

Certifications & attestations.

Honest status. Nothing here is certified yet. In progress means active work toward it. Planned means scoped but not started. We will not list a cert as achieved until the report is in hand and we can show it under NDA.

SOC 2 Type II

In progress

Operational security audit

Working toward it. Not yet certified.

ISO 27001

Planned

Information security management

Planned. Not yet certified.

ISO 42001

Planned

AI management system

Planned. Not yet certified.

GDPR DPA

Available

Data Processing Agreement

Available on request: privacy@krux.bio

HIPAA BAA

In progress

Business Associate Agreement for PHI

In progress. Ask under NDA: privacy@krux.bio

21 CFR Part 11

Planned

Electronic records & signatures

Krux is a proposal-drafting tool, not your GxP system of record. See note below.

On 21 CFR Part 11: Krux helps prepare proposal content. The regulated record of submission lives in your own validated systems, not in Krux. We do not position Krux as your GxP system of record. If your use case needs Part 11 controls on the records Krux holds, talk to us at compliance@krux.bio before you contract so we can scope it honestly.

Section 3

Architecture.

The security properties of the data path: tenant isolation, per-Vault access, encryption, and audit integrity.

Hosting

Application compute on Vercel. Postgres database, authentication, and object storage on Supabase. Both run on AWS underneath.

Tenant isolation

Postgres Row-Level Security. Every org-scoped table filters on the caller's org, enforced at the database layer, not in application code. New accounts get a private org at signup.

Per-Vault access control

Inside an org, a Bid Vault has its own role membership (owner, editor, reviewer, observer). Belonging to the org does not grant access to a Vault; a user must be added to it.

LLM data flow

Prompts and retrieved context go to Anthropic at inference time. Document chunks go to Voyage at embed and rerank time. Those are the only two recipients of customer text outside the platform.

Audit log integrity

Each Bid Vault keeps a SHA-256 hash-chained activity log. Exports are Ed25519-signed and can be verified in the browser against the public key registry, with no Krux server in the loop.

Encryption

TLS in transit. Encrypted at rest by the Supabase and Vercel platforms. There is no Krux-managed per-tenant key scheme today.

At a high level: content is ingested and isolated per org by Postgres RLS, retrieved, screened by the guardrails that are live today, and answered by Anthropic with span-level citations and a hash-chained Vault audit record. A data-flow diagram is available under NDA. Contact security@krux.bio.

Section 4

Data handling.

Residency, encryption, retention, deletion. The procurement-checklist answers.

Data residency

Runs in a single region today (United States). Per-tenant region pinning is not implemented yet. If you need EU residency, contact security@krux.bio before contracting.

Encryption at rest

Encrypted at rest by the Supabase and Vercel platforms (AWS underneath). Krux does not run a separate per-tenant key scheme; there is no BYOK today.

Encryption in transit

TLS for all traffic to krux.bio and trust.krux.bio.

Retention and deletion

Deleting an RFP or a knowledge file removes the database row and the stored object. Vaults and documents use a soft-delete marker. A scheduled hard-delete after a fixed grace window, and a written retention period, are still being built.

Sensitive content detection

The PHI guardrail flags patient-identifiable shapes (SSN, MRN, and similar) in inputs and outputs. It is rule-based and runs in-process. Configurable per org in the Guardrails admin.

Deletion on request

Email security@krux.bio to request deletion. The row-and-object delete path above is what runs today. A documented DSAR procedure with a fixed SLA is in progress.

Section 5

Model providers.

The two providers Krux sends customer text to, and what each receives. Zero-retention and no-training terms are being confirmed at the account level with both providers before we state them here.

Provider
Role
Retention term
BAA

Anthropic

Prompts and retrieved context at inference time. Called over Anthropic's commercial API.

LLM inference (Claude family)

ConfirmingIn progress

Voyage AI

Document chunks at embed time, query plus candidate passages at rerank time.

Embeddings and reranking

Confirming—

The full sub-processor list, with the infrastructure providers that host the data path, is at trust.krux.bio/subprocessors. We give 30 days notice before a sub-processor change takes effect.

Section 6

AI governance.

The principles Krux ships on, and the supervisor models that enforce them.

Principles

Citations are the default. A drafted claim with no resolvable source span is stripped before you see it.
Refusal is a feature. Krux flags off-label claims and unsourced clinical claims and routes them to review rather than shipping them.
We do not train any model on your data. We are confirming the no-training and zero-retention terms with Anthropic and Voyage at the account level before we state them as contractual on this page.
Compliance owners configure the guardrails. The product enforces the ones that are live and records that it ran.
Vault activity is hash-chained, and every Vault audit export is Ed25519-signed and independently verifiable.

Supervisor models

Citation validator

Live

Drafted claims

Strips claims that do not resolve to a source span in the knowledge base before the draft is shown.

Off-label validator

Live

Drafted claims

Flags unqualified efficacy or safety claims about a named drug or product. LLM-based classifier; findings route to review.

PHI validator

Live

Inputs and outputs

Rule-based detection of patient-identifiable shapes (SSN, MRN, and similar). Runs in-process, deterministic, audit-replayable.

Competitive-IP validator

Roadmap v2

Configurable per org

Flags references to competitor confidential product information.

MLR-readiness scorer

Roadmap v2

Response drafts

Scores a draft on whether it is ready to route to MLR review.

Section 7

Access controls.

Per-Vault roles that are enforced today, how users sign in, and the source-system connector roadmap. Sign-in is a one-time email code (no password to phish). SAML/SSO and IP allowlisting are not built yet.

Vault roles

Role
Read
Edit draft
Add docs
Members
Guardrails
Export audit
Delete vault

Observer

✓

—

Reviewer

✓

—

Editor

✓

—

✓

—

Owner

✓

Source-system connectors (roadmap)

Today, documents are uploaded into a Vault directly. ACL-aware ingest from the systems below, where a user removed upstream loses access to the indexed content, is on the roadmap and not yet built. We will move a connector to live here only once it ships.

Veeva Vault

Roadmap

ACL-aware ingest with re-check at query time. Not built yet.

Microsoft SharePoint

Roadmap

Site and folder permission inheritance. Not built yet.

Box

Roadmap

Folder and collaborator ACLs. Not built yet.

Egnyte

Roadmap

Workgroup and ACL inheritance. Not built yet.

Section 8

Operations.

Pen testing, vulnerability disclosure, incident response, sub-processors, and the audit bundle verifier. Stated as it is today, including what is not yet in place.

Penetration testing

A third-party penetration test has not been run yet. We will publish the vendor and a summary once one is scheduled and complete. We will not claim a test that has not happened.

Vulnerability disclosure

Report a security issue to security@krux.bio. We read it and respond. A written triage process with stated SLAs is being put in place.

security@krux.bio ↗

Bug bounty

No formal bug bounty program yet. Until one launches, send disclosures to security@krux.bio.

Incident response

Our intent is to notify affected customers promptly and follow up with a written summary. A formal incident response policy with fixed notification timelines is in progress; we will state the timelines once it is signed off.

Sub-processors

The current sub-processor list is at trust.krux.bio/subprocessors. We give 30 days notice before a sub-processor change takes effect.

View sub-processors ↗

Audit bundle verifier

A Vault audit export can be verified in your browser at trust.krux.bio/verify against the Ed25519 public keys at trust.krux.bio/keys. No Krux server is involved in the check.

Open the verifier ↗

Section 9

Legal artifacts.

The signable documents your procurement and InfoSec teams need before a deal closes.

Data Processing Agreement (DPA)

Request

GDPR-aligned template. Request a copy to review and sign.

Business Associate Agreement (BAA)

Request

For HIPAA-eligible use. Our BAA position with Anthropic is in progress. Ask under NDA before contracting.

Security overview

Request

A written summary of this page for your procurement file. Sent on request.

Sub-processor list

Download

The current providers in the data path, with locations and DPAs.

One contact for everything legal.

DPAs, BAAs, vendor security questionnaires, procurement docs.

privacy@krux.bio

KruxAI

Sub-processors security@krux.bio Sign up

Security & trust

Built for highly regulated industries.
Stated plainly, backed by the code.

Security overview Request DPA Report a vulnerability

Section 1

What we will and will not do.

The plainest statement of scope a regulated-industry product can publish. Five lines on each side, no fine print.

We will

Isolate every org's data with Postgres Row-Level Security at the database layer
Encrypt your data in transit (TLS) and at rest on our infrastructure providers
Run drafted claims through the citation, off-label, and PHI guardrails that are live
Give you an Ed25519-signed, independently verifiable audit export per Vault
Give 30 days notice before any sub-processor change takes effect

We do not

Train any model on your data
Share your prompts, documents, or outputs across tenants
Send your text to any provider other than Anthropic and Voyage
Generate medical claims about your products or competitors
Predict trial outcomes or write MLR-final copy

Section 2

Certifications & attestations.

SOC 2 Type II

In progress

Operational security audit

Working toward it. Not yet certified.

ISO 27001

Planned

Information security management

Planned. Not yet certified.

ISO 42001

Planned

AI management system

Planned. Not yet certified.

GDPR DPA

Available

Data Processing Agreement

Available on request: privacy@krux.bio

HIPAA BAA

In progress

Business Associate Agreement for PHI

In progress. Ask under NDA: privacy@krux.bio

21 CFR Part 11

Planned

Electronic records & signatures

Krux is a proposal-drafting tool, not your GxP system of record. See note below.

Section 3

Architecture.

The security properties of the data path: tenant isolation, per-Vault access, encryption, and audit integrity.

Hosting

Application compute on Vercel. Postgres database, authentication, and object storage on Supabase. Both run on AWS underneath.

Tenant isolation

Postgres Row-Level Security. Every org-scoped table filters on the caller's org, enforced at the database layer, not in application code. New accounts get a private org at signup.

Per-Vault access control

Inside an org, a Bid Vault has its own role membership (owner, editor, reviewer, observer). Belonging to the org does not grant access to a Vault; a user must be added to it.

LLM data flow

Prompts and retrieved context go to Anthropic at inference time. Document chunks go to Voyage at embed and rerank time. Those are the only two recipients of customer text outside the platform.

Audit log integrity

Each Bid Vault keeps a SHA-256 hash-chained activity log. Exports are Ed25519-signed and can be verified in the browser against the public key registry, with no Krux server in the loop.

Encryption

TLS in transit. Encrypted at rest by the Supabase and Vercel platforms. There is no Krux-managed per-tenant key scheme today.

Section 4

Data handling.

Residency, encryption, retention, deletion. The procurement-checklist answers.

Data residency

Runs in a single region today (United States). Per-tenant region pinning is not implemented yet. If you need EU residency, contact security@krux.bio before contracting.

Encryption at rest

Encrypted at rest by the Supabase and Vercel platforms (AWS underneath). Krux does not run a separate per-tenant key scheme; there is no BYOK today.

Encryption in transit

TLS for all traffic to krux.bio and trust.krux.bio.

Retention and deletion

Sensitive content detection

The PHI guardrail flags patient-identifiable shapes (SSN, MRN, and similar) in inputs and outputs. It is rule-based and runs in-process. Configurable per org in the Guardrails admin.

Deletion on request

Email security@krux.bio to request deletion. The row-and-object delete path above is what runs today. A documented DSAR procedure with a fixed SLA is in progress.

Section 5

Model providers.

The two providers Krux sends customer text to, and what each receives. Zero-retention and no-training terms are being confirmed at the account level with both providers before we state them here.

Provider
Role
Retention term
BAA

Anthropic

Prompts and retrieved context at inference time. Called over Anthropic's commercial API.

LLM inference (Claude family)

ConfirmingIn progress

Voyage AI

Document chunks at embed time, query plus candidate passages at rerank time.

Embeddings and reranking

Confirming—

The full sub-processor list, with the infrastructure providers that host the data path, is at trust.krux.bio/subprocessors. We give 30 days notice before a sub-processor change takes effect.

Section 6

AI governance.

The principles Krux ships on, and the supervisor models that enforce them.

Principles

Citations are the default. A drafted claim with no resolvable source span is stripped before you see it.
Refusal is a feature. Krux flags off-label claims and unsourced clinical claims and routes them to review rather than shipping them.
We do not train any model on your data. We are confirming the no-training and zero-retention terms with Anthropic and Voyage at the account level before we state them as contractual on this page.
Compliance owners configure the guardrails. The product enforces the ones that are live and records that it ran.
Vault activity is hash-chained, and every Vault audit export is Ed25519-signed and independently verifiable.

Supervisor models

Citation validator

Live

Drafted claims

Strips claims that do not resolve to a source span in the knowledge base before the draft is shown.

Off-label validator

Live

Drafted claims

Flags unqualified efficacy or safety claims about a named drug or product. LLM-based classifier; findings route to review.

PHI validator

Live

Inputs and outputs

Rule-based detection of patient-identifiable shapes (SSN, MRN, and similar). Runs in-process, deterministic, audit-replayable.

Competitive-IP validator

Roadmap v2

Configurable per org

Flags references to competitor confidential product information.

MLR-readiness scorer

Roadmap v2

Response drafts

Scores a draft on whether it is ready to route to MLR review.

Section 7

Access controls.

Vault roles

Role
Read
Edit draft
Add docs
Members
Guardrails
Export audit
Delete vault

Observer

✓

—

Reviewer

✓

—

Editor

✓

—

✓

—

Owner

✓

Source-system connectors (roadmap)

Veeva Vault

Roadmap

ACL-aware ingest with re-check at query time. Not built yet.

Microsoft SharePoint

Roadmap

Site and folder permission inheritance. Not built yet.

Box

Roadmap

Folder and collaborator ACLs. Not built yet.

Egnyte

Roadmap

Workgroup and ACL inheritance. Not built yet.

Section 8

Operations.

Pen testing, vulnerability disclosure, incident response, sub-processors, and the audit bundle verifier. Stated as it is today, including what is not yet in place.

Penetration testing

A third-party penetration test has not been run yet. We will publish the vendor and a summary once one is scheduled and complete. We will not claim a test that has not happened.

Vulnerability disclosure

Report a security issue to security@krux.bio. We read it and respond. A written triage process with stated SLAs is being put in place.

security@krux.bio ↗

Bug bounty

No formal bug bounty program yet. Until one launches, send disclosures to security@krux.bio.

Incident response

Sub-processors

The current sub-processor list is at trust.krux.bio/subprocessors. We give 30 days notice before a sub-processor change takes effect.

View sub-processors ↗

Audit bundle verifier

A Vault audit export can be verified in your browser at trust.krux.bio/verify against the Ed25519 public keys at trust.krux.bio/keys. No Krux server is involved in the check.

Open the verifier ↗

Section 9