Our clients rely on Cruxx to protect their data, and we take that trust very seriously. At Cruxx, we are dedicated to providing innovative technology while maintaining our commitment to data security. Our application is built with a multi-layered security approach, reinforced by secure development practices and third-party assessments. Our priority is to deliver product features that enhance workplace productivity without compromising security.

We understand that entrusting us with your data is a significant decision. That’s why we have established a robust security program to give you peace of mind. We ensure that each customer’s data is securely isolated from others, and we apply strict access controls within our team. Cruxx never views your data without your knowledge and will never create or sell meta-reports from it. Our sole focus is on delivering the value we promise.

​

 

Compliance

Our approach to information security and data privacy considers people, processes, and technology.

Our services are hosted on Amazon Web Services, a cutting-edge datacenter that employs advanced architectural and engineering practices. Amazon's datacenters are verified for compliance with numerous stringent standards, regulations, and frameworks. For more information on Amazon's compliance, visit AWS Compliance.

​

​

Data Privacy

At Cruxx, we are committed to maintaining the highest standards of privacy and security for our customers. Our approach to privacy and security is comprehensive, incorporating advanced technologies and best practices to protect your information at every step.

​

We never share your internal data with any other client or partner. 

We prioritize the confidentiality and security of your data by ensuring it is clearly segmented from other clients' data. We never share or mix your data with other clients, ensuring complete confidentiality and peace of mind as you leverage our insights to enhance your business. Our commitment to data security means you can trust that your information is handled with the utmost care and protected from unauthorized access.

 

No other 3rd party vendor or tech provider stores your data. 

For certain output, we send a representational segment of your data to a 3rd party LLM like GPT. LLMs are designed to provide powerful natural language processing output without retaining any specific input data. When we train an LLM, it stores the learned patterns, weights, and parameters derived from the training data but does not retain any specific content or identifiable information from the original dataset. This approach ensures that while we harness the full potential of AI to deliver valuable insights, your data remains private and protected, upholding the highest standards of confidentiality and security."

 

Brand name redacted
When sending data to LLMs for processing, Cruxx ensures that your privacy is protected by redacting all brand names and other sensitive information, keeping your data anonymous and secure. 

 

No PII shared with any 3rd party vendor or tech provider
If the client shares Personally identifiable information (PII) of their customers with Cruxx, we do not share that with any third party vendor or tech provider.

​

​

Application & Product Security

Authentication

• Users can authenticate via login credentials.

• User passwords are protected by the latest recommendations for strong encryption and hashing (i.e. AES-256 and bcrypt).

 

Access Controls

• Our system has a multitenant architecture that logically separates customer data through access control that is based on company, users, and roles. Our application has extensive access control lists, authentication, and authorization mechanisms that allow data access for authorized users only.

• All customer accounts are assigned a unique ID which will allow access to only services and data consistent with the privileges assigned.

​

​​

Secure Architecture

Redundant and Scalable Infrastructure

• Cruxx data and services are deployed across geographically distributed availability zones managed by Amazon Web Services, an industry-leading provider. 

• Our scalable infrastructure ensures high availability by distributing application loads across resources. 

• We isolate network resources to restrict inbound traffic from untrusted zones, and we define capacity thresholds to automatically provision additional resources during spikes in application demand.

Encryption

• We use the latest recommended secure cipher suites to encrypt all traffic in transit, including TLS 1.2 protocol and SHA2 signatures for data traveling between clients and Cruxx services, as well as between Cruxx services over public networks. 

• AES-256 bit encryption is used to protect application and customer data at rest. We adhere to a strict key management policy that includes a key rotation procedure and minimum entropy requirements, with access limited to authorized key custodians.

Threat Monitoring

• We employ technology and tools to detect and alert on potential network intrusions, command and control attempts, or system compromises. 

• Our documented security incident response process includes escalation procedures, root cause analysis, impact assessment, and containment. We communicate promptly with affected customers, third parties, and authorities.

Recovery Capabilities

• To ensure continuity in case of a regional outage, data is replicated across multiple availability zones. We perform complete data backups daily and observe proactive retention periods. 

• Our backup restoration procedures are documented and tested regularly to ensure their effectiveness. 

• Our disaster recovery strategy is documented, with designated responsible personnel, and is supported by regular reviews with our security team.

​

​

Secure build

Design & Build Practices:

• We have a Software Development Lifecycle (SDLC) policy that guides engineers in following best practices for development and change control. 

• Our code undergoes evaluation for design, functionality, and potential security vulnerabilities. 

• Changes to the source code are managed through a standardized change management process. 

• Along with automated and manual testing, our code is peer-reviewed before deployment to production.