rag.art
ProductPricingUse casesDocs
Log inStart free

Trust Center

rag.art is built by a small team on top of EU-hosted infrastructure. This page is a living description of how we handle your data.

EU data residency

All production data stored in Supabase (Frankfurt). No replication outside the EU without documented SCCs.

Encryption

AES-256 at rest (Postgres + object storage). TLS 1.2+ in transit. Database connections pinned to EU endpoints.

Access controls

Least privilege by default. Production access is audited. Service-role credentials rotated on demand.

Audit logging

Write-heavy endpoints produce append-only events. Security-relevant actions (deletes, role changes) retained for 24 months.

Sub-processors

Supabase, OpenAI, Anthropic, Vercel, Stripe, Resend. Full list on the DPA.

Compliance roadmap

GDPR + LOPDGDD today. SOC 2 Type I planned for H2 2026. ISO 27001 consideration for 2027.

Reporting

Security disclosures go to security@rag.art. We follow RFC 9116 — see security.txt. For data subject requests, email privacy@rag.art or use the in-product endpoints from /settings.

Related documents

  • Terms of Service
  • Privacy Policy
  • Data Processing Agreement
  • AI disclosure
  • Security overview
rag.art

RAG chatbots, your brand. Made in the EU, GDPR-ready, transparent pricing.

Product

  • Features
  • Pricing
  • Use cases
  • Widget playground

Verticals

  • Real estate
  • Insurance brokers
  • Franchises
  • Dental clinics
  • Law firms
  • Ecommerce

Resources

  • Docs
  • Blog
  • Compare
  • Trust & Security

Legal

  • Terms
  • Privacy
  • Cookies
  • DPA
  • AI disclosure

© 2026 rag.art — Made in the EU · GDPR-ready

PrivacyTerms