Security • Rekaro

Security and governance for AI support in procurement

Rekaro is built for procurement teams that need higher speed without giving up control. We combine AI support within clear limits, traceable approvals, role-based access, and modern platform security so supplier selection, RFQs, and supplier dialogue remain reviewable from start to decision.

Rollstyrning och SSO-stödGodkännanden i kritiska stegSpårbar historikDataminimering

Traceable history

Workflow history, notifications, and decisions remain traceable.

Godkännanden

Critical AI steps are reviewed before anything is executed.

Access

Role-aware flows for buyers, suppliers, and administrators.

Observability

Request IDs, Sentry, and CSP reporting improve incident response.

Identitet och åtkomst

Role-based access across procurement, supplier, and admin flows

Autentisering med JWT och Supabase-baserade lager

Approvals before high-impact AI steps

Plattformsskydd

Security headers and CSP reporting on the public surface

Backend validation, rate limiting, and idempotency controls

Sentry and request IDs for safer incident handling

AI support governance

Prompt and tool boundaries for controlled automation

Traceability around approvals, tool calls, and workflow steps

Flexibility across model providers through OpenRouter and Gemini

Controls

How Rekaro reduces risk in production

The platform is built to reduce risk around AI-assisted procurement decisions through validation, clear control points, and systems that can be followed up.

All AI traffic passes through backend-controlled boundaries.

Protected flows use role-based access, approvals, and traceable state changes.

The frontend sends CSP reporting and hardened security headers for stronger browser protection.

Backend routes use schema validation, rate limiting, idempotency, and clear error handling.

Decision support remains understandable for users: approval flows, supplier comparisons, and procurement actions are presented as governed workflow steps rather than opaque automation.

Sub-processors

Current platform and data handling support

Dessa tjänster stödjer den nuvarande Rekaro-plattformen. Listan ska uppdateras när arbetsflöden, säkerhetskrav eller modellleverantörer förändras.

Supplier

Purpose

Vercel

Frontend hosting and edge delivery

Supabase

PostgreSQL, authentication, and managed platform services

OpenRouter

AI gateway for governed routing between language models

Google Gemini

Optional model provider for selected AI flows

Sentry

Error monitoring and production diagnostics

Encryption

TLS in transit and managed platform primitives across the deployed stack.

BCP

Operational visibility, logs, and controlled rollbacks are a central production priority.

Privacy

Rekaro is built around data minimization and clear governance across teams and roles.

Frequently asked questions

What larger teams usually want to verify

These are the questions procurement, IT security, and finance usually want clarified before moving ahead with a pilot or rollout.

Are models trained on our procurement data?

Handling is governed per provider and workflow. Rekaro is built for controlled usage, approvals, and clear visibility for accountable operators.

How are critical AI actions controlled?

Critical actions pass through approvals, backend validation, and traceable workflow steps before anything changes in the procurement flow.

What does your security work prioritize?

Access control, traceability, data minimization, encryption in transit, validated APIs, and clear governance for AI support in procurement flows.

Next step

Bring procurement, IT security, and finance into the same review

Use the pricing, product, and security pages together when evaluating a pilot. That gives stakeholders a shared view of impact, governance, and technical posture from the first meeting.

Security and governance for AI support in procurement

Rollstyrning och SSO-stödGodkännanden i kritiska stegSpårbar historikDataminimering