Argosvix

How your data is handled

Storage, encryption, redaction, retention, and deletion — all spelled out here.

AES-256 at rest

Prompts and completions are encrypted with AES-256-GCM in D1. Decryption keys are isolated in Cloudflare Secrets.

Encryption in transit (TLS)

All traffic between your browser or SDK and Argosvix is encrypted with TLS. Combined with AES-256 at rest, plaintext is protected both in transit and at rest.

Data stored in the Tokyo region

Record data is stored in Cloudflare's Tokyo region (D1). Code executes on Cloudflare's global edge (operated by a US company, SCCs in place — see the privacy policy). Low-latency for Japan-region visitors.

Authentication & access control

API keys are stored hashed and shown in plaintext only once at creation. Decrypting stored plaintext is gated by plan, consent, and identity, unauthorized decryption is structurally prevented, and every access is recorded in the audit log.

PII redaction default ON

Email, credit cards, phone numbers, and API keys are auto-masked before transit. Disabling redaction requires Pro+ and explicit opt-in.

Retention you control

Free = 30 days, Pro = 90 days, Team = 90 days. Per-record shortening or deletion is also available.

1-click full data deletion

Purge account / records on demand from settings. Backup retention is up to 14 days.

Subprocessors disclosed

We disclose the external services used to store and process data: Cloudflare (Tokyo region) for storage, OpenAI / Anthropic / Google / Mistral for inference, and Stripe for payments.

GDPR / APPI aligned

SCCs and statutory flows for deletion / access / rectification are in place; a DPA is available on request.

Public status page

Key endpoints are externally monitored and the live status is public (stats.uptimerobot.com/yGkFbsxP39). During an incident, check that page for updates.