Overview
Ref is built with security and privacy as core principles. This page outlines our security architecture, data handling practices, and compliance efforts. Key areas include:- MCP Implementation: Local and remote server protocols with API key authentication
- Data Protection: End-to-end encryption, isolated multi-tenant architecture, and comprehensive audit logging
- Compliance: SOC2 certification in process with Vanta (see our Trust Center)
- Monitoring: Real-time health checks and public status updates
MCP
Protocols
Ref provides an open-sourcestdio server that can be run locally and a streamable-http that is connected to remotely.
Authentication
Ref allows use of API keys or OAuth for authentication. Ref’s implementation of MCP OAuth is in beta as of Nov 15, 2025. Ref also supports SSO for organizations via Scalekit. The easiest way to rollout Ref to an organization is a combination of SSO and MCP OAuth. If you are interested in MCP OAuth and/or SSO, please reach out tohelp@ref.tools
Data Handling
Encryption
- In Transit: All data is encrypted during transit. Ref uses MCP streamable-http transport.
- At Rest: Documents and search indices are encrypted at rest in our database.
- Customer Managed Keys: Turbopuffer supports customer managed encryption keys (available upon request).
Data Isolation
We take data isolation very seriously in our multi-tenant environment:- Each team and user has their own isolated namespace in Turbopuffer.
- Indexing jobs run in single, transient, isolated containers. Your documents and credentials are never present at the same time as another team’s data.
- All application data reads go through Firestore rules that enforce user access at the database level.
Audit Logging
- Complete activity logging for users and teams available at ref.tools/activity
- Logs include user identity, tool calls, and arguments
Incident Response
- Internal monitoring via Sentry and Google Cloud alerting tools
- Status updates published at ref.tools/status during incidents
Compliance
Certifications
- SOC2: Currently in progress with Vanta
- For more information, see out Trust Center
Subprocessors & Data Access
Our security model includes the following subprocessors with specific data access patterns:- Turbopuffer:
Stores docsTurbopuffer is the primary search store used by Ref. It is also used by Cursor and Notion. Stores documents, descriptions, and vector embeddings with encryption at rest and isolated namespaces. - Firebase:
Sees and stores docsTemporarily processes search results through Functions and temporarily caches results in Firestore with database-level access controls. All data is encrypted at rest. - Google Cloud Run:
Sees docsProcesses indexing jobs in isolated, transient containers. User docs will be loaded - Google Vertex AI:
Sees docsGenerates document description with zero-data retention policy. - VoyageAI:
Sees docsCreates vector embeddings of docs with zero-data retention policy - OpenAI:
Sees docsPowers research agent functionality with zero-data retention policy. User data will be included in prompts sent to OpenAI. - Anthropic:
Sees no docsPowers evals on public documentation sets with zero-data retention policy. - Stripe:
Sees no docsProcesses payment information with PCI-compliant security standards. - Postmark:
Sees no docsDelivers transactional emails with user contact information. - Mailchimp:
Sees no docsManages marketing communications and newsletter subscriptions. - Mixpanel:
Sees no docsAnalyzes product usage analytics. - Sentry:
Sees no docsMonitors errors and performance with anonymized telemetry data. - Google Workspace:
Sees no docsUsed for communication and coordination. - Slack:
Sees no docsUsed to communicate with partners. - GitHub:
Sees no docsUsed for version control. - Scalekit:
Sees no docsUsed for SSO (Firebase is the IdP) and MCP OAuth.
Monitoring & Health Checks
- Health check endpoint:
api.ref.tools/ping - Internal monitoring and alerting infrastructure
- Status page: ref.tools/status