Built to be trusted. Designed to be verified.
Rhenari reads your team's behavioral signals to surface execution intelligence. Here's exactly what that means — what we access, how we protect it, and what we never do.
We read your team's signals. We don't store their conversations.
Rhenari connects to the tools your teams already use and reads behavioral patterns — not message content.
Metadata, not messages
We capture who communicated with whom, when, how often, and in what pattern. Message bodies, email content, calendar notes, and long-form text fields are never written to storage.
Ephemeral content reads
When Rhenari's AI needs to classify an event or assess an outcome — for example, evaluating the direction of a Teams discussion or a Jira description — it reads that content ephemerally via a secure reference, processes it, and immediately discards it. The structured insight is persisted. The source content is not.
Team-level outputs only
Individual behavioral data is processed inside Rhenari's analytics engine but never surfaced to any user. Dashboards, alerts, and insights show team and department-level patterns only. Minimum group sizes are enforced.
Consent-scoped access
Every content read is gated by explicit channel and scope consent configured during onboarding. If consent is not active, all processing is metadata-only.
Your data lives on Rhenari-managed infrastructure. It doesn't leave it.
Rhenari is a fully hosted SaaS platform. No infrastructure is deployed in your environment.
Rhenari-managed hosting
All application services, analytics processing, secret storage, scoring logic, and data storage run on Rhenari-managed infrastructure. Your team installs a Microsoft Teams app. We handle everything behind it.
Tenant isolation
Every pipeline operation, API request, and data query is scoped to a single tenant. No cross-tenant data is ever in scope for any process, prompt, or query. Tenant isolation is enforced at every layer — identity, API, secret storage, analytics engine, and serving outputs.
Encrypted at rest and in transit
Data at rest is encrypted using AES-256. All application, bot, and integration traffic uses TLS 1.2 or higher. These controls are enforced at the infrastructure level.
Secrets kept separate
Integration credentials — API tokens, access grants, connector secrets — are stored in Rhenari-managed Key Vault, namespaced by tenant and integration. They are never exposed through the UI, included in API responses, or embedded in pipeline triggers.
Immutable audit trail
Every content access event is logged before it occurs. Every pipeline run is versioned. Every scored output traces back to its inputs. Break-glass access to production data is time-bound, requires justification, and is fully logged.
Data residency by contract
Region-specific hosting is available where contractually required. All data residency commitments are governed by your contract with Rhenari.
Operating toward certification. Clean when you leave.
We map our controls to the frameworks your security team will ask about — and we give you a defined path out.
SOC 2 Type II — target certification
Rhenari's architecture is mapped to all eight SOC 2 Type II trust service criteria, including logical access controls, encryption, monitoring, incident response, and change management. We are operating in alignment with these criteria and pursuing certification. We are not yet certified.
HIPAA — BAA ready
Rhenari can serve as a Business Associate where applicable. A Business Associate Agreement is available where contractually required. Behavioral metadata is treated with healthcare-grade privacy controls where the contract requires it.
GDPR — Data Processor
Rhenari acts as a Data Processor under GDPR. A Data Processing Agreement is available. Region-specific hosting is available subject to contract.
Controlled employee access
Production data access is restricted, role-gated, and audited. No Rhenari employee accesses your tenant data in the normal course of operations. Support access is time-bound and logged.
Data portability
Before cancellation, you may request an export of your scored output history, insights and alert history, workflow records, configuration snapshots, and seat and role configuration.
Clean deletion
Upon offboarding, Rhenari disables access and deletes tenant data in accordance with our offboarding policy and your contractual terms. Deletion confirmation is available where contractually required. No infrastructure teardown is required on your side — Rhenari never deployed anything into your environment.
Questions your security team needs answered directly?
Download our security overview — a one-page summary your IT or procurement team can review and circulate.