Trust
Security practices
Orqen AI Ltd is built for teams routing production agent traffic. This page describes how we protect credentials, what we retain, and which services process data on your behalf. We do not claim certifications we have not earned — see our compliance roadmap below.
Encrypted provider keys
Customer LLM credentials are encrypted using envelope encryption with a per-customer data encryption key (DEK) wrapped by a KMS master key. Plaintext keys never hit the database. Keys decrypt in memory only when forwarding a request.
Hashed API keys
Orqen API keys are stored as hashes. Full secrets are shown once at creation. Production traffic uses HTTPS.
Privacy-preserving logs
Request logs store routing metadata — model, latency, token counts, tool counts — not raw prompts or provider request bodies by default.
Operational monitoring
Error and performance diagnostics help us maintain reliability. Browser diagnostics require consent and are not intentionally linked to customer IDs.
Provider credential encryption
When you save a provider key in the dashboard, Orqen encrypts it using envelope encryption: a KMS-managed master key wraps a unique per-customer data encryption key (DEK), which in turn encrypts the credential. The master key material never leaves the key management service, and the DEK is cached in process memory for a short window before being discarded. Decrypted credentials exist only in memory for the duration of a forwarded request. A short-lived Redis cache uses a separate ephemeral encryption layer so a Redis compromise alone does not expose plaintext keys. Legacy credentials encrypted under earlier schemes are transparently re-encrypted to the current envelope format on first access.
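The envelope pattern described above, as an added sketch using Node's built-in crypto module; it is not Orqen's code. Assumptions: AES-256-GCM as the cipher (the page does not name one), a hypothetical in-process `LocalKms` class standing in for a real KMS, and constructed customer ids and function names.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers; `aad` binds a ciphertext to one customer id.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, { iv, ct, tag }, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on any mismatch
}

// Hypothetical stand-in for a KMS (assumption): callers can wrap and unwrap
// DEKs but have no way to read the master key itself.
class LocalKms {
  #master = crypto.randomBytes(32);
  wrap(dek, customerId) { return seal(this.#master, dek, customerId); }
  unwrap(wrapped, customerId) { return unseal(this.#master, wrapped, customerId); }
}

// What would reach the database: a wrapped DEK and ciphertext, no plaintext.
function storeCredential(kms, customerId, secret) {
  const dek = crypto.randomBytes(32); // per-customer data encryption key
  const record = {
    wrappedDek: kms.wrap(dek, customerId),
    credential: seal(dek, Buffer.from(secret), customerId),
  };
  dek.fill(0); // discard the plaintext DEK once the record is built
  return record;
}

// Decrypt in memory only, for the duration of one forwarded request.
function loadCredential(kms, customerId, record) {
  const dek = kms.unwrap(record.wrappedDek, customerId);
  try {
    return unseal(dek, record.credential, customerId).toString();
  } finally {
    dek.fill(0);
  }
}

// True when decryption is refused (wrong customer id, wrong KMS, or edited record).
function isRejected(kms, customerId, record) {
  try { loadCredential(kms, customerId, record); return false; }
  catch { return true; }
}
```

Binding the customer id as authenticated data means a stored record copied to another customer's row fails to decrypt, and a database dump without access to the KMS yields only wrapped keys and ciphertext.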
Data retention
Request logs are retained for a configurable period — currently 90 days by default. Account records, encrypted provider credentials, routing preferences, and billing pointers are kept while your account is active. When you delete your account, Orqen removes local customer data including API keys, provider keys, request logs, and dashboard statistics. See our Privacy Policy for full detail on deletion and backup overwrite schedules.
Subprocessors
Services that process data to operate Orqen include:
- Supabase — authentication and database.
- Stripe — billing, subscriptions, and payments.
- AWS — key management (KMS) and infrastructure for credential encryption.
- Railway — application hosting and deployment.
- Resend — transactional email notifications.
- PostHog — optional product analytics (consent-gated).
- Sentry — error monitoring and diagnostics.
- Your LLM providers — Anthropic, OpenAI, AWS Bedrock, and others you connect when Orqen forwards requests on your behalf.
- Groq — optional enrichment pipeline used internally for certain Pro optimisation paths; not user-configurable.
Enterprise customers requiring a Data Processing Agreement (DPA) may contact security@orqen.app.
Compliance roadmap
Orqen AI Ltd (company no. 17241802, registered in England and Wales) is registered with the UK Information Commissioner's Office (ICO) as a data controller (registration ZC156922, registered 26 May 2026). We follow security practices appropriate for an early-stage infrastructure product: encryption at rest for provider keys, access controls, retention limits, and account deletion.
Formal certifications such as SOC 2 remain on our roadmap as customer demand and operational maturity warrant — we will not display badges for audits we have not completed.
Questions about security reviews or vendor questionnaires: security@orqen.app