Mentions légales et confiance
Security Policy
Security commitments that apply to how Rexora builds and operates client workflows.
Version de travail opérationnelle — relecture par le propriétaire / un juriste requise. Ce texte est un projet préparé pour relecture et ne constitue pas encore un avis juridique validé. En cas de divergence, la version anglaise prévaut (English version prevails).
1. Access and credentials
- Least-privilege access: only the systems and scopes a workflow needs.
- Credentials are stored in secret managers / environment configuration — never in code repositories.
- Access is revoked at the end of an engagement.
2. Client data handling
- Client business data stays within the agreed toolchain; no copies on personal devices beyond what the work requires.
- Demo/test files are ephemeral: processed, then deleted — not retained.
- Client content is excluded from logs and from any model training.
3. AI-specific safeguards
- Model calls run server-side in deployed workflows; keys are never embedded in frontends.
- Rate limiting and input validation on any exposed endpoint.
- Human approval gates on sensitive actions are part of the architecture, not optional settings.
4. This website
The website itself is static, with no backend, no database and no stored form data, which removes most web attack surface by construction.
5. Incident response
Suspected incidents are triaged immediately; affected clients are informed without undue delay with facts, impact and remediation steps. Report suspected issues to info@nonstopgroup.lt.
Tous les documents juridiques