Security
Curvexia is designed to operate inside institutional security perimeters — with clear access boundaries, private deployment posture, and governance-aligned operation.
Security by deployment design
Curvexia is deployed inside client-controlled environments and is designed to inherit the identity controls, network boundaries, and governance standards already in place. Detailed controls are shared during a private walkthrough.
Access & identity
- Role-based access aligned to desk and function
- Review controls and human oversight by design
- Clear separation between analysis, review, and action ownership
Isolation & hardening
- Isolated runtime per client environment
- Hardened deployment artifacts and constrained service surface
- No pooled inference or shared client data across institutions
Operational controls
- Read-only data access by default
- Operates only on client-authorised data sources
- Separation from execution systems by design
Audit & oversight alignment
- Designed to support governance and oversight review
- Time-stamped behaviour and change visibility
- Supports internal audit and reporting workflows
Website security
- HTTPS with modern security headers
- Strict Content Security Policy (CSP)
- Rate-limited public endpoints
Vulnerability disclosure
Report concerns via the contact form. Please do not include proprietary or sensitive data in your report.
Curvexia operates as governance-grade decision intelligence inside institutional perimeters. Security controls, access boundaries, and oversight expectations are aligned by design.