Skip to content
Schedule a demo

How Rex Uses and Secures AI

Last updated: March 2026

Rex is an AI-native provider for operational finance. Our system processes accounts receivable workflows — chasing invoices, reconciling payments, managing disputes, communicating with customers — using large language models to handle work that traditionally requires manual effort or outsourced teams.

This page explains how we use AI, how we handle your data, and what guardrails are in place.

Architecture overview

Rex uses Anthropic’s Claude models for all LLM inference, accessed via AWS Bedrock. We do not train, fine-tune, or host our own models.

All inference runs server-side within Rex’s infrastructure. End users and external parties never interact with the model directly. Every request is scoped to a single tenant — there is no shared context, memory, or data access across customer environments.

What we do with your data

  • Your data is used at inference time to perform work within your tenant: reading invoices, drafting communications, resolving cases, applying your policies
  • All operational data (cases, communications, decision history) is retained for the duration of your contract to deliver the service
  • We use an observability platform to monitor inference quality and reliability, with inference logs retained on a 30-day rolling basis
  • Upon contract termination, all customer data is deleted within 30 days of request

What we don’t do with your data

  • We do not use your data to train or fine-tune any models
  • We do not share your data across tenants
  • We do not expose model weights, embeddings, or direct model access to any user
  • AWS Bedrock operates under zero data retention by default — prompts and completions are not stored or used for training by the model provider

Human oversight

Rex operates with a human-in-the-loop approval model. Actions taken by the system — such as sending a customer email or applying a credit — can be surfaced for review before execution. Every action includes a decision trace explaining why the system took that action and what data informed it.

Over time, as confidence thresholds are met for specific action types, the approval requirement is relaxed. The goal is earned autonomy, not unsupervised automation.

Security posture

Tenant isolation. Each customer operates in a fully isolated environment. Data, policies, and agent context are scoped per-tenant with no cross-tenant access.

Infrastructure. Rex runs on AWS. Authentication is handled via WorkOS with support for enterprise SSO. We are pursuing SOC 2 Type II certification.

Supply chain. We depend on Anthropic (via AWS Bedrock) for LLM inference. We monitor dependencies and maintain version control across our stack. We do not use open-source or third-party models.

ML-specific vulnerabilities. We consider the OWASP ML Security Top 10 in our development lifecycle. Most categories (data poisoning, model inversion, membership inference, model theft, transfer learning attacks, model poisoning) are structurally mitigated by the fact that we do not train or host models. For the categories that are relevant to our architecture — input manipulation, supply chain, and output integrity — we apply appropriate controls including input validation, server-side inference, and structured output handling.

AI governance

Rex maintains internal policies covering data handling, model evaluation, and human oversight. We do not generate or surface content that is presented as human-authored — all system outputs are clearly attributed. We apply consistent, policy-driven rules rather than discretionary judgment, which structurally reduces bias risk in operational decisions.

Questions

If you have questions about how Rex handles your data or secures its AI systems, contact us at security@rex.inc.