Security you can operate, and audit.
Seraxi is security-infrastructure tooling — so the bar for our own security posture is the one our customers hold themselves to. Here is how the platform is built to be trusted, and how to reach us if you find a problem.
Security posture
The platform is designed for the hardest environments first — regulated, air-gapped, and audited.
On-prem & air-gap
Seraxi runs entirely on your own appliance. No backup, capture, or discovery data leaves your perimeter unless you explicitly export it — air-gapped deployments are a first-class case, not an afterthought.
Audit-first
Every privileged action is logged, signed, and exportable. The audit trail is built in from the start, so regulated and banking environments can satisfy their own controls without bolting anything on.
Signed actions & integrity
Artifacts are integrity-checked and size-verified, and privileged actions are cryptographically signed — so a silent failure, a truncated backup, or an unauthorized change never passes as good.
Responsible disclosure
We welcome good-faith security research and vulnerability reports. If you believe you've found a security issue in Seraxi, please report it to us privately so we can investigate and fix it before any details are made public. Our machine-readable policy is published per RFC 9116.
How we handle reports
- 01
Acknowledge
We confirm receipt of your report and open an internal track, so you know it landed with a real person.
- 02
Investigate
We validate, reproduce, and assess impact — and stay in touch with you on what we find.
- 03
Remediate
We fix verified issues, ship the remediation, and credit reporters who want acknowledgement.
Have a security question?
Reporting a vulnerability, reviewing our posture for procurement, or running a security assessment — reach the security team directly.