Security • Rekaro

Enterprise security for AI procurement workflows

Rekaro is built for procurement teams that need speed without losing control. We combine governed AI, traceable approvals, role-based access and modern platform protections so sourcing, RFQs and supplier dialogue stay auditable from start to finish.

SOC 2 roadmapISO 27001 aligned controlsGDPR-ready workflowsEU AI Act transparency

Auditability

Workflow history, notifications and decisions remain traceable.

Approvals

Critical AI steps are reviewed before action is finalized.

Access

Role-aware flows across buyers, suppliers and admins.

Observability

Request IDs, Sentry and CSP reporting improve incident response.

Identity and access

Role-based access across buyer, supplier and admin flows

JWT + Supabase-based authentication layers

Approval checkpoints before high-impact AI actions

Platform protection

Security headers and CSP reporting on the marketing surface

Backend validation, rate limiting and idempotency controls

Sentry and request identifiers for safer incident triage

AI governance

Prompt and tool boundaries for controlled automation

Auditability around approvals, tool calls and workflow actions

Model-provider flexibility via OpenRouter and Gemini routing

Controls

How Rekaro reduces risk in production

The platform is designed to minimize blast radius around AI-assisted procurement decisions through validation, explicit control points and observable system behavior.

All AI traffic is routed through backend-controlled boundaries.

Protected flows use RBAC, approval checkpoints and audit-friendly state changes.

Frontend now emits CSP reporting and hardened marketing headers for better browser-side protection.

Backend routes use schema validation, rate limiting, idempotency and safer error handling patterns.

Decision support remains explainable for operators: approval flows, supplier comparisons and procurement actions are framed as governed workflow steps rather than black-box automation.

Sub-processors

Current platform and data handling stack

These providers support delivery of the current Rekaro product surface. The list should be reviewed as procurement workflows and AI providers evolve.

Provider

Purpose

Vercel

Frontend hosting and edge delivery

Supabase

PostgreSQL, authentication and managed platform services

OpenRouter

AI model gateway for governed LLM routing

Google Gemini

Optional model provider for selected AI flows

Sentry

Error monitoring and production diagnostics

Encryption

TLS in transit and managed platform primitives across the deployed stack.

BCP

Operational visibility, logs and controlled rollback paths remain a core production priority.

Privacy

Rekaro is built around data minimization and explicit governance across teams and roles.

Frequently asked

Security questions from enterprise teams

These are the themes procurement, IT-security and finance teams usually validate before they move into pilot or rollout.

Do you train on our procurement data?

No-training handling is governed per provider and workflow. Rekaro is built around controlled usage, approvals and explicit operator visibility.

How are critical AI actions controlled?

Critical actions route through approval gates, backend validation and audit-friendly workflow steps before procurement changes are finalized.

What does your enterprise security posture focus on?

Access control, auditability, data minimization, encryption in transit, validated APIs and strong governance for AI-assisted procurement workflows.

Next step

Bring procurement, IT-security and finance into the same review

Use the pricing, product and security pages together when you evaluate a pilot. That gives stakeholders a shared view of ROI, governance and technical posture in the first five minutes.

Enterprise security for AI procurement workflows

SOC 2 roadmapISO 27001 aligned controlsGDPR-ready workflowsEU AI Act transparency