Your documents stay yours
Privacy isn't a checkbox at Docutrix — it's the reason teams trust us with their most sensitive documents.
Data Isolation
Complete tenant separation
Every organisation on Docutrix runs in its own isolated environment. Your documents, vector indexes, and query logs are never co-mingled with another customer's data. This is enforced at the infrastructure level, not just the application level.
Separate storage per tenant
Document storage buckets, vector databases, and relational stores are provisioned per tenant. There is no shared storage layer that could allow cross-tenant data access.
Isolated query pipelines
When a user asks a question, the retrieval pipeline queries only that organisation's index. There is no shared retrieval context across tenants.
Encryption
Encryption at rest — AES-256
All documents, embeddings, and metadata are encrypted at rest using AES-256. Encryption is applied at the storage layer and is transparent to users.
Encryption in transit — TLS 1.2+
All data transferred between your browser/app and Docutrix's servers is encrypted using TLS 1.2 or higher. TLS 1.0 and 1.1 are explicitly disabled.
Bring your own key (BYOK) — Enterprise
Enterprise customers can use their own encryption keys managed via AWS KMS, Azure Key Vault, or GCP Cloud KMS. Docutrix never has access to your plaintext key material.
AI & Data Usage
No training on your data
Docutrix does not use your documents, queries, or answers to train, fine-tune, or improve AI models — on any plan. This is a contractual commitment, not just a policy.
No document retention beyond indexing
Documents are stored only to serve your queries. Docutrix does not copy, distribute, or analyse your documents for any purpose other than answering your team's questions.
Audit-logged AI usage
All AI queries are logged with timestamps, user identifiers, and document references. Enterprise plans can export these logs to your SIEM.
Access Controls
Role-based document permissions
Admins can restrict document collections to specific users or teams. Access controls are enforced at query time — a user cannot retrieve answers from documents they are not authorised to access.
Single Sign-On (SSO) — Enterprise
Integrate with your identity provider via SAML 2.0 or OIDC. Supported providers include Okta, Azure Active Directory, Google Workspace, and any SAML-compliant IdP.
SCIM user provisioning — Enterprise
Automatically provision and deprovision users from your identity provider. When an employee leaves, their Docutrix access is revoked automatically.
Compliance
GDPR-aligned data processing
Docutrix acts as a data processor under GDPR. Enterprise plans include a Data Processing Agreement (DPA) that covers your obligations as a data controller.
Data residency options — Enterprise
Enterprise plans can specify data residency — EU, US, or APAC regions. Data never leaves your selected region.
Private Deployment
Private hosted LLM
For organisations that cannot send document content to any third-party LLM API, Enterprise plans include the option to run the AI entirely within your own VPC. Your document content never leaves your infrastructure.
On-premise deployment
Full on-premise deployment is available for organisations with air-gapped environments or strict data sovereignty requirements. Contact our sales team to discuss requirements.
Choice of LLM
Enterprise customers can choose their preferred LLM backend — including models hosted by Anthropic, OpenAI, Mistral, or an open-source model running in your own environment.
Responsible disclosure
If you believe you have discovered a security vulnerability in Docutrix, please email security@docutrix.com with details. We commit to acknowledging your report within 24 hours.