Security First. Always.
Curiosity is built with security at its core to protect your data, respect your boundaries, and meet the highest enterprise security standards.
Hosting
Control
Status
On-premise hosting available
With On-Premise Workspaces, your data always stays in your environment (can be completely air-gapped).
Data centers with certified providers
With Cloud Workspaces, data is hosted with providers with industry-recognized certifications (e.g., ISO 27001, SOC 2).
Data centers in Europe
Cloud Workspaces are hosted on Hetzner, a European provider with infrastructure in Europe.
Isolated tenant environments
Customer data is separated in isolated tenants.
Secure infrastructure management
Deployment and secrets are managed through dedicated secure systems with restricted access.
Regular security patches applied
Hosting environments receive frequent OS and dependency updates.
Control
Status
Data encrypted in transit
All communication uses TLS 1.2+ to protect data in transit.
Data encrypted at rest
All data stored in Curiosity Workspaces is encrypted using AES-256.
Encrypted secret management
Sensitive tokens and credentials are stored encrypted using secret-management tools.
No model training on customer data
Customer data is never used to train shared or public AI models.
Control
Status
Single Sign-On (SSO)
Authentication integrates with providers like Google, Microsoft, OKTA, Auth0, and SAML2.
Multi-factor authentication enforced through IdP
Customers using SSO can enforce MFA through their identity provider.
Strict internal access controls
Only authorised Curiosity personnel can access production systems, and only when required.
Least-privilege and need-to-know access
Internal roles follow strict minimal-access principles.
Access control for features
Controls for restricting user access to specific Workspace features.
Control
Status
Flexible relationship based access control (ReBAC)
Customers can manage permissions for teams, workspaces and user roles.
Permissions sync with data sources
Permissions can be synced with data sources to avoid duplication and propagate changes.
Permissions automatically reflect across all features
Permissions are handled at the graph database level, so they reflect across all features.
AI access restricted by permissions
AI features only use or generate content the user is authorized to access.
Configurable assistant behavior
Admins can restrict AI models, data sources, and tools access per workspace.
Control
Status
Comprehensive activity logging
User actions like search, file access, edits and settings changes can be logged.
Security event monitoring
Relevant events can be monitored to detect anomalies or unauthorised access.
Download and data-access logs
Workspace admins can monitor exports and file downloads.
AI action logging available
Assistant queries, generated outputs, and model interactions can be logged for compliance.