Question: Secure RAG usage with confidential / encrypted data

[flefevre]

Hi OpenRAG team,

I’m currently evaluating OpenRAG for enterprise use cases involving confidential and regulated data.

Before moving forward, I would like to better understand the current security model and roadmap regarding sensitive data handling in RAG pipelines.

A few key questions:

• How does OpenRAG handle documents containing confidential or regulated information?
• Is there support (or a recommended architecture) for processing data that is encrypted at rest?
• Are embeddings or vectorized representations considered secure against data reconstruction or leakage attacks?
• Does OpenRAG provide mechanisms for:
  • tenant isolation,
  • access control,
  • document-level permissions,
  • secure retrieval filtering?

The main concern is ensuring that a RAG system can safely operate on highly sensitive datasets without weakening existing security guarantees.

Thanks in advance for your insights.