Security

Your keys.
Your voice. Your data.

Every API key is encrypted at rest with AES 256 GCM. Your samples and rules stay private. Your posts stay yours.

Open a workspace
AuthenticationAES 256 GCM
Bring your own key
Keys are encrypted at rest and never returned in full to the browser.
ProviderModelKeyStatus
AnthropicClaude Opus 4.7sk-ant-api03 ████████ JX9k Active
OpenAIGPT 4.1sk proj ████████ 2F7t Ready
GoogleGemini 2.5 ProAIza ████████ Qe4s Ready
xAIGrok 4xai ████████ 81pD Ready
GroqLlama 3.3 70Bgsk ████████ nT2v Ready
Philosophy

Privacy is a product decision.

Rook Signal is built around one idea: your voice should never leave your hands.

Keys

Encrypted. Masked. Unretrievable.

When you paste an API key, Rook Signal encrypts it with AES 256 GCM before it touches the database. The browser never gets the full value back. Not in the UI. Not in the network tab. Never.

  • AES 256 GCM
    The modern standard for authenticated encryption. No custom crypto.
  • Masked in the UI
    The dashboard shows only the prefix and the last four characters.
  • Mismatch detection
    A wrong key format triggers an immediate warning.
AuthenticationAES 256 GCM
Bring your own key
Keys are encrypted at rest and never returned in full to the browser.
ProviderModelKeyStatus
AnthropicClaude Opus 4.7sk-ant-api03 ████████ JX9k Active
OpenAIGPT 4.1sk proj ████████ 2F7t Ready
GoogleGemini 2.5 ProAIza ████████ Qe4s Ready
xAIGrok 4xai ████████ 81pD Ready
GroqLlama 3.3 70Bgsk ████████ nT2v Ready
Data

Your words. Your samples. Your archive.

The three samples you paste to train your persona are treated as private. They are never shared between workspaces, never pooled for training, and never sold. The archive of your comments belongs to you alone.

  • No pooling
    Personas are isolated per workspace.
  • No training on your voice
    Your samples improve your drafts. Not anyone else's.
  • CSV export any time
    Your history travels with you if you ever leave.
AuthenticationAES 256 GCM
Bring your own key
Keys are encrypted at rest and never returned in full to the browser.
ProviderModelKeyStatus
AnthropicClaude Opus 4.7sk-ant-api03 ████████ JX9k Active
OpenAIGPT 4.1sk proj ████████ 2F7t Ready
GoogleGemini 2.5 ProAIza ████████ Qe4s Ready
xAIGrok 4xai ████████ 81pD Ready
GroqLlama 3.3 70Bgsk ████████ nT2v Ready
What we do

The quiet work of keeping you safe.

Security is boring when it works. Here is how it works.

AES 256 GCM

Authenticated encryption for every key. The modern standard.

BYOK first

Bring your own Anthropic, OpenAI, Google, Groq, or xAI key. We never share one.

Masked always

The full key is never returned to the browser. Not once, not ever.

Rook ID backed

Authentication lives on a shared Rook ID layer. One identity across every Rook product.

Scoped access

Workspaces are sealed. Team roles limit what every member can see and do.

Remove in a click

Delete a key. Revoke it. Rotate it. No hidden copies anywhere.

AES 256
GCM encryption
The modern industry standard for keys at rest.
0
Plain text keys
Not in logs. Not in memory longer than needed.
BYOK
First
Your model. Your rules.
One click
Revoke any key
Remove a stored key in a single action.
FAQ

Questions.

How your keys, samples, and archive are kept safe.

Every key is encrypted with AES 256 GCM before it touches the database and masked in the UI.
Security

Quiet by design. Safe by default.

Your voice is the most valuable thing on your LinkedIn. Rook Signal treats it that way.

Open a workspace