Frequently asked questions.

Generated scripts follow the seven-section Rinox template and pass the RINOX IRON standard (Phase 0 pipeline plus Appendices A-E). For platforms with uploaded API documentation, accuracy is high enough that most scripts run after only environment-variable configuration. For platforms relying on the model's training knowledge, we render a disclaimer recommending you verify endpoints against your specific version before production use.

API keys, OAuth2 client-credentials, basic auth, bearer tokens, HMAC-signed requests, mutual TLS, and platform-specific schemes such as Splunk HEC tokens, Falcon API client/secret pairs, and Sentinel app-only auth via Entra ID. Credentials are always loaded from environment variables, never hardcoded.

Not yet. Today Rinox runs on rinox.io. Enterprise self-hosting is on the roadmap. If your environment requires it, reach out via the contact form.

Generation prompts and outputs are retained for up to 30 days to support troubleshooting and quality improvement. After that, generation records are removed from production systems. See the security page for the full retention policy.

The active model is configurable from the admin panel and can be switched between Claude Opus, Sonnet, and Haiku without redeploying. The default is Claude Sonnet 4.6. The model in use is recorded with every generation for traceability.

No — generation is automated. You should review and test every script before production use. We do log generations for support and quality, but a human does not approve each output before you see it.

Uploaded documentation is extracted, normalised, and indexed so future generations against that platform can use it. Admin-uploaded docs are auto-approved; user submissions enter a review queue. Documents are stored encrypted at rest and can be removed on request.

New accounts get five free generations. After the limit, you can request enterprise access via the contact form. The free count and what counts as a generation are configurable from the admin panel and may change as we tune the product.

There is no formal SLA today. We aim to respond to support requests within two business days. Customers on enterprise pilots get a named contact and a defined response window — request access via the contact form.

Yes. The application database uses row-level security keyed on the authenticated user; service-role access is constrained to server-side workloads. Generations, prompts, and uploaded documents are not visible across accounts.

Demisto/Cortex XSOAR Cloud, Tines, Tenable.io, Wiz, and Snowflake security analytics are on the short list. The full roadmap is informed by contact-form requests, so file a request if you need a specific platform.

No. The system prompt and the RINOX IRON spec are core IP. You can see the structure of the output (the seven sections are documented on the home page) and you fully own the generated code.

Yes. The generator detects one-off vs. recurring use cases and simplifies the pipeline accordingly. One-off scripts skip state-management and cursor tracking; scheduled jobs get the full Iron Pipeline with cursor advancement gated on delivery success.

Account holders can request a data export by emailing the privacy contact. Programmatic export is on the roadmap.

Failed generations do not consume a free-tier credit. The error and remediation hint are surfaced inline; for repeated failures, the contact form is the right escalation path.