Dxtra BETA
Security & Trust

Your data security is our foundation

As a privacy compliance platform, our own security posture is foundational. We hold ourselves to the same standards we help our customers meet.

Infrastructure

Dxtra is hosted on enterprise-grade cloud infrastructure with data centers in multiple regions. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Our architecture is designed for high availability with automated backups and disaster recovery.

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Automated daily backups with point-in-time recovery
  • Infrastructure monitoring and automated alerting
  • Regular vulnerability scanning and penetration testing

AI & data processing

Dxtra uses large language models from multiple providers — including OpenAI, Anthropic, and Google — to generate privacy documentation, compliance materials, and in-app assistance. We are transparent about exactly how AI is used, what data flows through it, and how we protect your information at every stage.

No-training guarantee

Your data is never used to train AI models — period. We maintain data processing agreements with all LLM providers that contractually prohibit the use of customer data for model training. Prompts and responses are processed in real time and are not retained by providers for training or improvement purposes.

Security middleware pipeline

Every AI request passes through a multi-layer middleware pipeline before reaching any LLM provider:

  • Rate limiting — Redis-backed throttling prevents abuse and ensures fair usage across all accounts
  • PII detection — automated scanning flags and redacts sensitive personal data before it is sent to any external model
  • Cost tracking — per-request token usage and cost attribution are logged for every AI interaction, enabling transparent usage reporting
  • Audit logging — every prompt, response, model selection, and token count is recorded with full traceability

Human-in-the-loop review

AI-generated content is never published automatically. Every document, notice, and policy passes through an interrupt-based approval workflow — the AI engine pauses execution and waits for your explicit review, editing, and approval before anything goes live. You remain in full control at every stage.

Observability & monitoring

All AI operations are monitored through Langfuse — an open-source LLM observability platform. This provides full trace visibility across every agent execution, including latency, token usage, error rates, and quality metrics. Our engineering team uses these traces to continuously improve reliability and detect anomalies in real time.

Compliance & certifications

We are actively working toward industry-standard certifications to provide independent verification of our security practices.

  • SOC 2 Type II (status: On roadmap): Independent audit of security controls and data handling practices.
  • ISO 27001 (status: On roadmap): International standard for information security management systems.
  • Penetration testing (status: Active): Regular third-party penetration testing of our platform and infrastructure.
  • GDPR compliance (status: Active): Our own privacy program is built and maintained using Dxtra.

Sub-processors

As a data processor, Dxtra maintains a list of sub-processors in accordance with GDPR requirements. Our sub-processor list is available through the Dxtra Transparency Center.

Responsible disclosure

If you believe you have found a security vulnerability in Dxtra, please report it responsibly. Contact us at security@dxtra.ai. We commit to acknowledging reports promptly and working with researchers to resolve issues.

Questions about security?

Our team is happy to discuss our security practices in detail.