Data protection
RushDB is designed to keep customer data isolated by workspace and project, with clear ownership of stored records, relationships, and indexed text.
Security
Security and privacy for RushDB customers.
RushDB is built as developer infrastructure for connected data, semantic retrieval, and agent memory. This page summarizes the controls, privacy practices, and disclosure process available to customers evaluating RushDB Cloud or self-hosted RushDB.
Current posture
RushDB documents its security controls, privacy practices, subprocessors, and responsible disclosure channel for customer review.
Security contactAvailable
GDPR supportAvailable
Formal audit reportNot published
Operational controls.
RushDB keeps the control surface focused on the systems that matter for customer data: storage, transport, access, backups, and operational review.
Encryption
RushDB uses encrypted transport for customer-facing services. Hosted infrastructure is operated with encryption controls appropriate for managed cloud services.
Access control
Access to hosted RushDB environments is limited to authorized operators and managed through role-based administrative workflows.
Backups
Hosted RushDB is operated with backup and recovery practices intended to protect service continuity and customer data durability.
Privacy and GDPR
Customer data stays governed.
RushDB supports privacy review with published policies, customer data workflows, and documented processing boundaries.
Privacy Policy and Terms of Service are published for customers.
Data deletion and export workflows are supported for customer data.
A data processing addendum can be provided for customers who require one.
Current subprocessor details are shared during customer security review.
Compliance
Compliance status.
RushDB shares current certification and regulatory information so customers can evaluate the product against their procurement and risk requirements.
GDPR
RushDB supports GDPR-aligned customer workflows, including data deletion, export, subprocessors, and data processing terms.
SOC 2
RushDB does not currently publish a SOC 2 report. Formal audit reports, when available, will be shared with eligible customers under NDA.
ISO 27001
RushDB does not currently claim ISO 27001 certification. Security controls are documented so formal certification can be evaluated when customer requirements call for it.
EU AI Act
RushDB is infrastructure for connected data and agent memory. It is designed to support governance workflows such as traceability, access control, deletion, and auditability for downstream systems.
Subprocessors and documents.
RushDB maintains customer-facing security and privacy materials for hosted service reviews. Current subprocessor details and data processing terms can be shared with customers as part of onboarding or procurement.
Responsible disclosure.
Security reports are welcome when submitted in a way that protects customer data and service availability.
- 1Send vulnerability reports to the security contact below.
- 2Include affected URLs, project context, reproduction steps, and potential impact.
- 3Do not access, modify, destroy, or exfiltrate customer data.
- 4Do not run denial-of-service tests or social engineering campaigns.
Security contact.
For vulnerability reports, security questionnaires, privacy reviews, or data processing requests, contact RushDB with the relevant project, company, and review context.