Enterprise-Grade Security
Security, Privacy & Compliance
CortexaOS is built for businesses that handle sensitive data. Here is exactly how we protect yours.
At a glance: AES-256 encryption at rest; TLS 1.3 in transit; HIPAA on the Enterprise tier; 99.9% uptime SLA.
Data Security
- AES-256 encryption at rest on all stored data
- TLS 1.3 in transit for all API and dashboard traffic
- HttpOnly, SameSite cookies for session management — no localStorage tokens
- Field-level encryption for PHI (Protected Health Information) via AES-256-GCM
- Vercel Edge Network with DDoS protection and WAF
Compliance
- HIPAA compliant on Enterprise tier (Business Associate Agreement available)
- GDPR-ready: data residency in US, EU data export available on request
- SOC 2 Type II: in progress, target Q4 2026
- Data Processing Agreement (DPA) available for EU customers
Access Control
- Role-based access control (RBAC) — Owner, Admin, Member roles
- Multi-tenant isolation — teams cannot access each other's data
- JWT sessions with 24-hour expiry, auto-refresh on activity
- Rate limiting on all API endpoints (Upstash Redis-backed)
- Inactivity timeout configurable per account (HIPAA mode: 15-min default)
Responsible AI
- No customer data used to train Anthropic models (zero-retention API policy)
- All AI requests processed via Anthropic API with data processing agreement
- Company Brain data stored encrypted in your team's isolated namespace
- BYOK (Bring Your Own Anthropic API Key) available — your key, your data
Reliability
- Hosted on Vercel Pro with global edge network
- Neon serverless Postgres with automatic backups and point-in-time recovery
- 99.9% uptime SLA on paid plans
- Vercel Analytics and Speed Insights active on all pages
Reporting a Vulnerability
- Responsible disclosure: security@cortexaos.ai
- We acknowledge reports within 24 hours and patch critical vulnerabilities within 72 hours
Security is not a feature. It is the foundation.
Every layer of CortexaOS is built with security-first principles — from database encryption to session management to AI data handling. We do not cut corners so you can run your business with confidence.
Questions about security?
Our team is happy to walk you through our security architecture, compliance posture, and data handling practices.
To report a vulnerability, email security@cortexaos.ai