Curiosity is built with security at its core to protect your data, respect your boundaries, and meet the highest enterprise security standards.
Curiosity is built with security at its core to protect your data, respect your boundaries, and meet the highest enterprise security standards.
Control
Status
With On-Premise Workspaces, your data always stays in your environment (can be completely air-gapped).
With On-Premise Workspaces, your data always stays in your environment (can be completely air-gapped).
With Cloud Workspaces, data is hosted with providers with industry-recognized certifications (e.g., ISO 27001, SOC 2).
With Cloud Workspaces, data is hosted with providers with industry-recognized certifications (e.g., ISO 27001, SOC 2).
Cloud Workspaces are hosted on Hetzner, a European provider with infrastructure in Europe.
Cloud Workspaces are hosted on Hetzner, a European provider with infrastructure in Europe.
Customer data is separated in isolated tenants.
Customer data is separated in isolated tenants.
Deployment and secrets are managed through dedicated secure systems with restricted access.
Deployment and secrets are managed through dedicated secure systems with restricted access.
Hosting environments receive frequent OS and dependency updates.
Hosting environments receive frequent OS and dependency updates.
Control
Status
All communication uses TLS 1.2+ to protect data in transit.
All communication uses TLS 1.2+ to protect data in transit.
All data stored in Curiosity Workspaces is encrypted using AES-256.
All data stored in Curiosity Workspaces is encrypted using AES-256.
Sensitive tokens and credentials are stored encrypted using secret-management tools.
Sensitive tokens and credentials are stored encrypted using secret-management tools.
Customer data is never used to train shared or public AI models.
Customer data is never used to train shared or public AI models.
Control
Status
Authentication integrates with providers like Google, Microsoft, OKTA, Auth0, and SAML2.
Authentication integrates with providers like Google, Microsoft, OKTA, Auth0, and SAML2.
Customers using SSO can enforce MFA through their identity provider.
Customers using SSO can enforce MFA through their identity provider.
Only authorised Curiosity personnel can access production systems, and only when required.
Only authorised Curiosity personnel can access production systems, and only when required.
Internal roles follow strict minimal-access principles.
Internal roles follow strict minimal-access principles.
Controls for restricting user access to specific Workspace features.
Controls for restricting user access to specific Workspace features.
Control
Status
Customers can manage permissions for teams, workspaces and user roles.
Customers can manage permissions for teams, workspaces and user roles.
Permissions can be synced with data sources to avoid duplication and propagate changes.
Permissions can be synced with data sources to avoid duplication and propagate changes.
Permissions are handled at the graph database level, so they reflect across all features.
Permissions are handled at the graph database level, so they reflect across all features.
AI features only use or generate content the user is authorized to access.
AI features only use or generate content the user is authorized to access.
Admins can restrict AI models, data sources, and tools access per workspace.
Admins can restrict AI models, data sources, and tools access per workspace.
Control
Status
User actions like search, file access, edits and settings changes can be logged.
User actions like search, file access, edits and settings changes can be logged.
Relevant events can be monitored to detect anomalies or unauthorised access.
Relevant events can be monitored to detect anomalies or unauthorised access.
Workspace admins can monitor exports and file downloads.
Workspace admins can monitor exports and file downloads.
Assistant queries, generated outputs, and model interactions can be logged for compliance.
Assistant queries, generated outputs, and model interactions can be logged for compliance.