
Security at Crux

Crux is committed to keeping your data secure.

Data Protection

Crux protects data both in transit and at rest.

  • Data in Transit – TLS v1.2+ encryption 
  • Data at Rest – AES 256 encryption
  • Secret Management – User account passwords are encrypted at the application level before being stored in the database.  Application secrets are encrypted at rest and access is strictly limited.

Secure Development

Secure development best practices have been integrated into the Crux software development lifecycle.  

  • Code repository controls
  • Deployment controls
  • Peer code review
  • Penetration testing
  • Security training for engineers
  • Separation of development, staging, demo, and production environments
  • Threat modeling
  • Vulnerability scanning

Infrastructure Security

Crux is hosted by Supabase and Vercel, which host their services on Amazon Web Services, Azure, and Google Cloud Platform.  Supabase and Vercel share our commitment to security and have achieved compliance with numerous frameworks including SOC 2 Type 2.

Company Policies and Procedures

Crux’s security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant organizational change.

  • Security Policies and Training – All employees go through required training upon hire that is renewed annually.  Policies include:
      • Access Control
      • Asset Management
      • Code of Conduct
      • Cryptography
      • Data Management
      • Human Resources Security
      • Information Security
      • Operations Security
      • Risk Management
      • Secure Development
      • Third-Party Management
  • Platform Security – Ongoing security activities include:
      • Application log alerting, analysis, and retention
      • Penetration testing
      • Vulnerability scanning
  • Incident Response Planning & Team – In place to triage and respond to any significant security event, in order to establish system resiliency, minimize impact, and protect customer data.
  • Regular Third-Party Security Review that identifies and evaluates security risks of vendors and third parties.

Standards and Certifications

Crux is committed to establishing and maintaining compliance with key information security and regulatory standards starting with Service Organization Control (SOC) 2.  We are scheduled to complete a 6-month SOC 2 audit observation period in May 2024 with an industry-leading auditor with specific expertise in fintech.

Upon completion, Crux’s SOC 2 Type 2 report will be available for limited distribution and shared under non-disclosure agreements.

Helpful Links

  • Supabase Security – https://supabase.com/security
  • Vercel Security – https://vercel.com/security