Security at Rumbe AI

Sensitivity-matched protections for every record

Rumbe can classify data according to sensitivity so protections can be matched to the risk of the record. User identities, agent identities, organization records, support conversations, tickets, attachments, and integration credentials require different handling from public configuration data.

High-sensitivity records can receive elevated safeguards such as encryption, restricted access, audit logging, reason tracking, and controlled export.

JWT sessions, enterprise SSO, and role-based access

The customer portal supports JWT-based authentication using secure HTTP-only cookies. Enterprise SSO can integrate with identity providers such as Okta, Microsoft Entra ID / Azure AD, and Google Workspace through standard SAML or OAuth flows.

Role-based access control separates what customers, agents, tenant administrators, and platform administrators can view or change. Authorization guards protect routes and workflows according to assigned permissions.

Authenticated encryption for sensitive fields and provider keys

Sensitive stored fields can be encrypted before database persistence. Provider credentials — including LLM and SMTP keys — are protected using authenticated encryption and are not intended to be displayed in plain text after storage.

A dedicated encryption key can be separated from primary database credentials, reducing the value of a database-only compromise.

Organization-scoped data and tenant-isolated retrieval

Rumbe uses organization identifiers and tenant-aware data access to separate customers. Conversations, tickets, agents, end users, settings, audit records, and knowledge sources are associated with the active organization.

The RAG layer uses tenant-specific vector collections so retrieval is scoped to the correct organization.

Your Rumbe AI assistant is designed to retrieve from your organization’s approved knowledge sources — not another tenant’s content.

Redaction, citations, and confidence-based handoff

Rumbe can redact recognized sensitive patterns before content is transmitted to configured AI providers. Source-grounded retrieval and citations help users understand where an answer originated. Confidence checks can trigger a human handoff instead of forcing an uncertain automated response.

AI request hashing supports traceability while avoiding unnecessary duplicate storage of full sensitive payloads.

Tenant-specific keys and domain-whitelisted embedding

The Rumbe widget is compiled without client-framework dependencies, reducing dependency conflicts on host websites. Tenant-specific keys and domain whitelisting help prevent unauthorized embedding.

Authenticated widget deployments can associate a verified host-session profile with the support interaction when the Sign-In Pro capability is enabled and implemented correctly.

Audit coverage for sensitive access and AI activity

Rumbe’s documented audit model covers sensitive record access, AI transactions, and agent or administrator activity. Logs can support incident review, access accountability, troubleshooting, and operational governance.

Redaction, reason-tracked access, and forensic review

Rumbe’s safeguards include PII-aware schema design, neural redaction before selected AI requests, PHI access logging, and controlled handling of sensitive attachments.

Bring-your-own LLM keys with encrypted, tenant-scoped storage

Customer-supplied provider credentials are stored with AES-256-GCM authenticated encryption and resolved from authenticated tenant context. Saved keys are not redisplayed in plain text.

Modular runtime separation and environment-specific configuration

Customer, agent, admin, widget, and billing modules run under distinct runtime configurations. Development, staging, and production use separate credentials, secrets, and allowed domains.

Validation, safe rendering, and least-privilege configuration

Rumbe’s architecture applies validation at API boundaries, safe Markdown rendering, server-side secret validation, webhook signature verification, environment-specific configuration, and least-privilege role separation.

Security also depends on deployment practices such as key rotation, patching, dependency review, backup protection, retention management, monitoring, incident response, and secure customer configuration.