Data Security

API Keys

Every Dxn account comes with two API keys, each with a different scope.

Admin key — full access. Use this server-side only. It can create, read, update, and delete policies, and retrieve past decisions. Never expose this in client-side code or public environments.

Public key — restricted access. This key can only call POST /decisions and read the result back. It cannot retrieve policies, list decisions, or access any stored data. It is designed for public-facing use cases — a pricing calculator on your website, an eligibility check in a mobile app — where you want users to get the output of a decision without being able to inspect the underlying rules or historical results.

Infrastructure

Dxn's decision engine runs in AWS eu-west-1 (Ireland). The API gateway is deployed globally, so requests are routed to the nearest edge node regardless of where your users are, but evaluation always happens in eu-west-1.

If your use case has strict data residency requirements, keep this in mind when deciding what you pass as inputs.

What Dxn Does — and Doesn't — Store

Inputs

Dxn never logs, reads, or stores your decision inputs. The data you send in the inputs field is used to evaluate your policy and then discarded.

To support auditability without storing raw data, Dxn generates a one-way hash of the input payload at evaluation time. You can use this hash to verify that a given set of inputs produced a specific decision result — but the hash itself is never logged or persisted on Dxn's systems.

Outputs

Dxn does store the decision output — the result returned by your policy evaluation. This is what allows you to retrieve a past decision later via GET /decisions/{decisionId}.

If your policy processes PII, make sure the output does not include it. If a field containing personal data is not needed in the response, do not include it as an output node in your decision model. Dxn will only store what your policy returns — so the simplest way to keep PII off Dxn's systems is to keep it out of your policy output.

Summary

	Stored by Dxn
Decision inputs	No
Input hash	No
Decision output	Yes
Policy document	Yes

If you have questions about a specific compliance requirement or data handling scenario, contact us at [email protected].

Last modified on April 22, 2026

What is Dxn?Pricing

API Keys

Every Dxn account comes with two API keys, each with a different scope.

Admin key — full access. Use this server-side only. It can create, read, update, and delete policies, and retrieve past decisions. Never expose this in client-side code or public environments.

Infrastructure

If your use case has strict data residency requirements, keep this in mind when deciding what you pass as inputs.

What Dxn Does — and Doesn't — Store

Inputs

Dxn never logs, reads, or stores your decision inputs. The data you send in the inputs field is used to evaluate your policy and then discarded.

Outputs

Dxn does store the decision output — the result returned by your policy evaluation. This is what allows you to retrieve a past decision later via GET /decisions/{decisionId}.

Stored by Dxn

Decision inputs

Input hash

Decision output

Yes

Policy document

Yes