Skip to main content
STROKIX
Sign inCreate workspace

Security one-pager

Built to pass enterprise review on day one.

STROKIX combines tenant isolation, encrypted credentials, signed audit history, approval gates, and defenses around model and connector access.

Architecture

Clear boundaries from request to action.

Requests move through authenticated interfaces, scoped connectors, model processing, and approval-aware execution.

Interface

Web Terminal · Slack Bot · REST/GraphQL · Webhooks

Integration Engine

Scoped connectors · Transaction manager · Workspace RBAC

Intelligence

Model routing · Retrieval · Context controls · Cache

Agent Engine

LangGraph · Event Router · HITL · Audit · Rollback

Connector credentials are encrypted · services run as non-root · outbound requests are validated

Posture

The guarantees in effect.

Encryption at rest

AES-256-GCM with tenant-specific KMS keys. OAuth tokens encrypted with per-tenant DEKs.

Row-level security

FORCE RLS in PostgreSQL. Every tenant query is scoped at the database layer, tested across two-tenant fixtures.

Immutable audit log

PostgreSQL rules block UPDATE / DELETE. Every entry signed with HMAC-SHA256. Tampering is cryptographically detectable.

Controlled data flow

Connector access is scoped, outbound requests are validated, and model-provider processing is documented in the privacy policy.

Prompt-injection defense

15 pattern detectors + role separation between system and user messages + control-character sanitisation.

SSRF protection

Domain allowlist on outbound URLs. Internal IPs (10.x, 172.x, 192.168.x) and cloud metadata (169.254.169.254) blocked.

Data access

What STROKIX can — and can’t — see.

What STROKIX accesses

  • Records returned by your connectors (you scope these)
  • Documents you upload to the RAG corpus
  • Audit metadata (who, what, when, hashes)
  • Aggregated, non-PII telemetry on query latency

What STROKIX never accesses

  • Connector secrets through the user interface or audit logs
  • Source-system data outside the scopes you grant
  • Documents not explicitly indexed
  • Cross-tenant data — RLS blocks this at the DB

Assurance status

Clear about what is verified today.

Security controls and independent certification are different things. This is the current status without implying certifications we have not completed.

  • Technical controls

    Available now

    Encryption, tenant isolation, approval gates, audit history, SSRF protection, and prompt-injection defenses.

  • Privacy operations

    Available now

    Document deletion, account deletion workflow, and a published privacy policy.

  • SOC 2 Type II

    Not certified

    Evidence collection and an independent audit are planned. STROKIX does not currently claim SOC 2 certification.

  • Independent penetration test

    Planned

    A third-party penetration test has not yet been completed.

See pricingBack to product