Omet el contingut principal

Security & Data Protection

Safeguarding Raegis workspaces

Last updated: 29 November 2025

Minerva Data Solutions, SLU (“Raegis”) maintains administrative, technical, and organizational controls aligned with GDPR expectations to protect customer data processed through the Raegis platform. This summary outlines our core practices; additional details are available via our Data Processing Addendum.

1. Platform architecture

Raegis is hosted on hardened cloud infrastructure with region selection options. Customer workspaces are logically isolated, and data processing jobs run within scoped containers with least-privilege service roles. Production and staging environments are separated with independent credentials.

2. Data handling

Uploaded documents, embeddings, and retrieval artifacts remain encrypted at rest using AES-256 and in transit via TLS 1.2+. Administrators control retention policies, and data can be deleted or reprocessed at any time through the console or API. We never train proprietary models on customer data unless explicitly requested.

3. Access management

Role-based access control enforces workspace-level permissions, SSO/SAML support, and per-environment API keys. Internal employees access production systems only through audited jump hosts with strong MFA and need-to-know approvals.

4. Network & application security

We employ web application firewalls, rate limiting, automated dependency scanning, and peer-reviewed code deployment. All changes flow through CI/CD pipelines with automated testing before release.

5. Monitoring & logging

Comprehensive observability tracks API usage, retrieval accuracy, and system health. Security logs are centralized, tamper-resistant, and retained per regulatory requirements. Customers can export their own audit logs through the Raegis console.

6. Incident response

We maintain a written incident response plan with 24/7 on-call coverage. In the event of a data breach affecting customer data, we will notify impacted customers without undue delay, provide relevant details, and cooperate on regulatory reporting obligations.

7. Compliance & GDPR

Raegis processes personal data as a processor on behalf of customers and as a controller for account administration. Our GDPR-aligned Data Processing Addendum covers subject rights, subprocessors, and international transfer mechanisms (e.g., SCCs). Customers may request or sign the DPA by emailing support@raegis.app.

8. Customer responsibilities

Customers are responsible for configuring access controls, managing API keys, and ensuring uploaded content complies with applicable laws. You should review third-party model provider terms and maintain backups of critical data exported from Raegis.

9. Contact

For security reviews, penetration test reports, or incident notifications, contact support@raegis.app. We typically respond within one business day for priority issues.

We update this page as controls evolve. Subscribe to Raegis release notes or contact our team for detailed documentation, DPAs, or bespoke security questionnaires.