Security and Best Practices
Rekognita takes the security of your data very seriously. This page describes our security measures and recommendations for clients.
Data Encryption
- In Transit: All API requests run over TLS 1.3
- At Rest: Documents are encrypted using AES-256
- Keys: API keys are hashed and are never stored in plaintext
Document Storage
- Documents are automatically deleted 24 hours after processing
- Enterprise customers can configure custom retention policies
- You can manually delete a document via API at any time
DELETE /v1/documents/{document_id}
Authorization: Bearer rk_sk_your_key
API Key Management
- Rotation: Rotate keys regularly via the Dashboard
- Scopes: Use Restricted keys (rk_rk_) with minimum privileges
- Environments: Use Test keys (rk_test_) for development
- Never store keys in code. Use environment variables
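One way to apply these key-handling recommendations in a client, as an added example (not Rekognita's own code): the key is read from an environment variable, non-test keys are refused in development, and the documented DELETE request is built without being sent. The variable name REKOGNITA_API_KEY, the host api.rekognita.example, the app_env argument and the kind labels are assumptions made for this example.

```python
import os
import urllib.parse
import urllib.request

# Assumptions (not from the Rekognita docs): the env var name and the base URL.
ENV_VAR = "REKOGNITA_API_KEY"
BASE_URL = "https://api.rekognita.example"  # placeholder host
# Prefixes that appear on this page, mapped to labels chosen for this example.
PREFIXES = {"rk_test_": "test", "rk_rk_": "restricted", "rk_sk_": "secret"}


def key_prefix(key):
    """Return the known prefix of a key, or raise if it is not recognised."""
    for prefix in PREFIXES:
        if key.startswith(prefix) and len(key) > len(prefix):
            return prefix
    raise ValueError("unrecognised API key prefix")


def load_api_key(app_env, environ=os.environ):
    """Read the key from the environment; allow only test keys in development."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    kind = PREFIXES[key_prefix(key)]
    if app_env == "development" and kind != "test":
        raise RuntimeError(f"{kind} key refused in development; use an rk_test_ key")
    return key


def redact(key):
    """Form of the key that is safe to write to logs: the prefix only."""
    return key_prefix(key) + "****"


def build_delete_request(document_id, key):
    """Build (without sending) DELETE /v1/documents/{document_id}."""
    # Percent-encode the id so it cannot add path segments or a query string.
    path = "/v1/documents/" + urllib.parse.quote(document_id, safe="")
    return urllib.request.Request(
        BASE_URL + path, method="DELETE",
        headers={"Authorization": f"Bearer {key}"},
    )
```
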
IP Restrictions
Enterprise customers can restrict API access from specific IP addresses via Dashboard → Settings → Security → IP Allowlist.
Compliance
- SOC 2 Type II — annual audit
- GDPR — fully compliant for EU data
- HIPAA — available for Enterprise plans
Report a Vulnerability
If you have found a vulnerability, please reach out to: security@rekognita.com. We respond within 24 hours.