Know the operational boundary before you buy.
A concise starting point for security, privacy, legal, and procurement reviews. Claims below describe the shipped product without implying certifications that have not been completed.
Deployment and data control
The editor runtime is self-hosted with your application. Content does not need to pass through RichScripts infrastructure. Upload stores, collaboration providers, and AI resolvers are chosen and operated by the customer.
AI privacy
AI Toolkit is bring-your-own-key and provider-agnostic. Your resolver determines the provider, endpoint, authentication, retention policy, logging, and region. RichTextEditor does not require a RichScripts AI proxy.
Application security
The reference server integrations include bounded requests, upload extension and magic-byte validation, HTML sanitization, CSRF guidance, exception masking, health checks, and structured audit hooks. Customers remain responsible for deployment configuration and access control.
Software supply chain
Production packages protect the commercial runtime and release checks reject source-form editor bundles. Framework distributions and static examples are validated during release. Contact support for dependency, SBOM, or vulnerability-review requests.
Accessibility status
RichTextEditor documents keyboard and assistive-technology behavior and includes accessibility checking tools. A third-party VPAT or independent conformance certification is not currently published; we do not represent self-testing as certification.
Licensing and maintenance
Licenses are perpetual for the purchased version and include one year of updates. Continued access to newer releases is optional. Review the license page or contact sales for domain, SaaS, OEM, source, and volume requirements.
Start a review
Send your security questionnaire, procurement requirements, or deployment architecture to our team. We will distinguish shipped controls, customer responsibilities, and requested roadmap work.