Dex

Enterprise-grade security, built in from day one

Dex is built on an enterprise-grade security foundation, following stringent international standards and compliance frameworks to keep your data safe and protected.

Certifications & Compliance Frameworks

ISO 27001Information security management systems
ISO 27017Cloud service security controls
ISO 27018Protection of personal data in the cloud
SOC 2 Type IIAudited security, availability & confidentiality

What humans can't do,
Dex can't do either

Dex operates within your real-world permission model — not above it. Every action Dex takes is governed by the same access controls and approval flows that apply to your human administrators.

Policy Engine — deterministic guardrails

Rules that don't bend, regardless of what any AI model suggests. Dex will not act outside defined boundaries.

Approval Engine — human in the loop

Sensitive or irreversible actions require explicit human approval before Dex can proceed — every time.

01

Agent layer

Resolver & CoAdmin agents — your interface to Dex

02

Platform layer

Policy, Reasoning, Approval & Memory engines

03

Integration layer

Teams, Slack, M365 Graph API, Web app

04

Data layer

Per-org tenant databases + secure key store

Infrastructure security

Dex runs on a hardened AWS environment with multiple layers of protection across every component of the stack.

Cloud infrastructure

Hosted on secure AWS environments with industry-standard practices and geographic redundancy.

Encryption everywhere

All data is encrypted in transit (TLS 1.2+) and at rest using AES-256.

Role-based access control

Least-privilege RBAC across all systems — users only access what they need.

Continuous monitoring

Production systems are monitored around the clock with automated alerting and response.

Annual third-party audits

Independent security audits conducted annually as part of our formal security program.

Enterprise controls

Dex supports the access controls your IT and security teams already rely on.

Single Sign-On (SSO)

Integrate with your existing identity provider — no separate credential management required.

Multi-Factor Authentication (MFA)

Enforce MFA across all access points to protect against credential-based attacks.

Data protection & privacy

Dex follows data protection regulations that meet the highest expectations for privacy and regulatory compliance globally.

GDPR

Dex supports compliance with privacy rights and data handling requirements for European users — including data subject access rights, retention controls, and lawful processing.

HIPAA / HITRUST

Operational measures aligned with HIPAA for healthcare-related use cases through HITRUST-mapped security controls, enabling healthcare organizations to deploy Dex with confidence.

Frequently asked questions

Learn more

Our Technology →|Documentation →|How It Works →