Security and trust

Written down. Kept honest.

How Rook Dots handles your data today, what is on the roadmap, and the principles that guide every decision. We will not claim certifications we have not earned.

What we do today

The posture we keep in the background.

These are things Rook Dots already does. No plans. No marketing. Reality.

Encryption in transit.

Every request between your browser and Rook Dots travels over HTTPS. Our origin enforces modern ciphers and HSTS.

Scoped OAuth tokens.

Every Connection holds the minimum scope needed, stored per workspace, revocable at any time.

Auth through Rook ID.

Rook ID is built on WorkOS, giving us a serious foundation for sessions, magic links, and team directories.

Never trained on you.

Workspace memory used by Rook Intelligence is scoped per tenant. It is never used to train foundation models.

Least privilege inside.

Engineer access to production is limited and logged. We take customer data seriously.

Intelligence, safely

The agents respect the room.

Never training data

Workspace memory is private to your workspace and never used to train foundation models.

Actions surfaced

Agent actions are surfaced for approval before anything changes your data.

Scoped per workspace

Intelligence context is isolated at the tenant boundary.

On the roadmap

Where we are heading.

We will update this page as each milestone is actually reached, not before.

Independent audit

A formal security audit is planned. We will link the report here once complete, not earlier.

Penetration testing

An external penetration test is in the lineup. A summary under NDA will be offered on request once done.

Regional data residency

Today, data lives in our primary region. EU and other regional options are planned, not promised.

SAML SSO

Available through Rook ID on WorkOS. Documentation for enterprise SSO rollout is in progress.

Privacy agreement

A Data Processing Agreement is being prepared. Reach out if you need to review the draft.

Deletion workflow

Workspace deletion and a full data export are supported. The thirty-day recovery window is in progress.

Our posture

Simple principles, written down.

We are a young product. We are not SOC 2 audited. We are not ISO 27001 certified. We do not pretend otherwise. When these milestones land, we will update this page and link the paperwork.

In the meantime, we build with serious tools. Rook ID runs on WorkOS. We use modern cloud providers. We encrypt data in transit. We scope tokens. We keep engineering access logged and limited. We never train foundation models on your workspace.

If security is a hard requirement for your team, talk to us. We will answer honestly about what we have, what we do not, and when we plan to get there.

Common questions

Plain.

Are you SOC 2, ISO 27001, or GDPR certified?

Not yet. Rook Dots is a young product. An independent SOC 2 audit is planned and we will link the report on this page when it is complete. ISO 27001 is not on the immediate roadmap. We treat GDPR as a baseline for personal data and a formal Data Processing Agreement is being prepared. Reach out if any of this is a blocker and we will share current practices and a realistic timeline.

Do you train on my data?

Never. Workspace memory used by Rook Intelligence is scoped per tenant and is never used to train foundation models.

Where does the data live?

With our primary cloud provider today. Regional residency is on the roadmap. We will update this answer with specifics as options come online.

Can I delete a workspace?

Yes. Workspace deletion and a full data export are supported. A thirty-day recovery window is in progress.

How can I report a security issue?

Email security at rookhq dot com. We respond within two business days and will acknowledge receipt sooner where possible.

Honest questions, welcomed.