Trust and procurement

Know the operational boundary before you buy.

A concise starting point for security, privacy, legal, and procurement reviews. Claims below describe the shipped product without implying certifications that have not been completed.

Deployment and data control

The editor runtime is self-hosted with your application. Content does not need to pass through RichScripts infrastructure. Upload stores, collaboration providers, and AI resolvers are chosen and operated by the customer.

AI privacy

AI Toolkit is bring-your-own-key and provider-agnostic. Your resolver determines the provider, endpoint, authentication, retention policy, logging, and region. RichTextEditor does not require a RichScripts AI proxy.

Application security

The reference server integrations include bounded requests, upload extension and magic-byte validation, HTML sanitization, CSRF guidance, exception masking, health checks, and structured audit hooks. Customers remain responsible for deployment configuration and access control.

Software supply chain

Production packages protect the commercial runtime and release checks reject source-form editor bundles. Framework distributions and static examples are validated during release. Contact support for dependency, SBOM, or vulnerability-review requests.

Accessibility status

RichTextEditor documents keyboard and assistive-technology behavior and includes accessibility checking tools. A third-party VPAT or independent conformance certification is not currently published; we do not represent self-testing as certification.

Licensing and maintenance

Licenses are perpetual for the purchased version and include one year of updates. Continued access to newer releases is optional. Review the license page or contact sales for domain, SaaS, OEM, source, and volume requirements.

Start a review

Send your security questionnaire, procurement requirements, or deployment architecture to our team. We will distinguish shipped controls, customer responsibilities, and requested roadmap work.