Security at Curate-Me

European data centers in Germany (EU), with physical security controls including biometric access, 24/7 CCTV, and redundant power.

All connections use TLS 1.2 or higher. HSTS is enforced. We maintain an A+ SSL Labs rating.

All data at rest is encrypted using AES-256 encryption, including database storage, backups, and log archives.

Strict firewall rules, private networking between services, and no direct database exposure to the public internet.

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate geographic location.

Dashboard and API access is secured with JSON Web Tokens (JWT) with short-lived access tokens and secure refresh token rotation.

All API keys (cm_sk_*) are hashed using SHA-256 before storage. Plaintext keys are shown once at creation and never stored or logged.

Passwords are hashed using bcrypt with appropriate work factors. We enforce minimum password strength requirements.

2FA support via TOTP (authenticator apps). Available for all account types and recommended for organization administrators.

Secure OAuth 2.0 sign-in via Google and GitHub. We request only the minimum required scopes (email and profile).

The gateway proxy validates upstream URLs against an allowlist of known LLM provider endpoints. Internal network addresses, metadata endpoints, and file:// URIs are blocked.

Regex-based scanning detects API keys, passwords, email addresses, phone numbers, SSNs, and credit card numbers in request payloads before they reach LLM providers.

Content safety checks identify common prompt injection patterns and can block or flag suspicious inputs based on your governance policy configuration.

Per-organization and per-key rate limiting prevents abuse and runaway consumption. Limits are configurable per governance policy.

All gateway requests are validated for proper formatting, supported models, and policy compliance before proxying to upstream providers.

All data access is scoped to the authenticated organization. Tenant isolation middleware enforces data boundaries at the API layer, preventing cross-organization data access.

Each API key is bound to a specific organization. Keys cannot access data or resources belonging to other organizations.

Managed runners operate in isolated environments with configurable access tiers (READ_ONLY, WRITE_RESTRICTED, WRITE_PROJECT, FULL_ACCESS). Each runner session is confined to its designated environment.

Runner network access follows a SETUP / EXECUTION / TEARDOWN model. During EXECUTION, network access is severed to prevent data exfiltration.

We are targeting SOC 2 Type II certification. Our security controls are designed to meet the Trust Services Criteria for security, availability, and confidentiality.

Infrastructure hosted in EU (Germany), data processing agreements available on request, data portability via API, and account deletion within 30 days. See our Privacy Policy for details.

Built-in support for human oversight (HITL), immutable audit trails, PII scanning, and record-keeping. See our Compliance page for the full requirements mapping.

27 event types recorded to an append-only audit log covering every gateway request, governance decision, runner lifecycle event, and approval action. Retained for 1 year.

We maintain a responsible vulnerability disclosure program. If you discover a security vulnerability, please report it to security@curate-me.ai. We commit to acknowledging reports within 24 hours and providing status updates within 5 business days.

We will not pursue legal action against researchers who discover and report vulnerabilities responsibly, provided they do not access customer data, cause service disruption, or publicly disclose before we have had reasonable time to address the issue.

Critical security patches are deployed within 24 hours of verification. We notify affected customers via email for any vulnerabilities that may have exposed their data.