Security

Last updated: December 2024

Our Commitment to Security

At KREXUM, security is not an afterthought—it's foundational to everything we build. As an AI platform handling sensitive financial data, we implement enterprise-grade security measures that exceed industry standards.

Certifications & Compliance

  • SOC 2 Type II: Independently audited security controls
  • ISO 27001: Information security management certification
  • PCI DSS: Payment card industry data security standard
  • GDPR: European data protection compliance
  • RBI Guidelines: Reserve Bank of India IT framework compliance
  • DFSA: Dubai Financial Services Authority requirements

Infrastructure Security

Data Encryption

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all API communications
  • Key Management: Hardware Security Modules (HSM) for key storage

Network Security

  • Web Application Firewall (WAF) protection
  • DDoS mitigation at edge
  • Network segmentation and micro-segmentation
  • Intrusion Detection and Prevention Systems (IDS/IPS)

Cloud Infrastructure

  • Multi-region deployment for high availability
  • Isolated VPCs for customer data
  • Automated security patching
  • Infrastructure as Code (IaC) for consistent deployments

Application Security

Secure Development

  • Secure Software Development Lifecycle (SSDLC)
  • Automated code scanning (SAST/DAST)
  • Dependency vulnerability monitoring
  • Peer code review for all changes

API Security

  • OAuth 2.0 and API key authentication
  • Rate limiting and throttling
  • Request validation and sanitization
  • Comprehensive audit logging

Access Control

  • Multi-Factor Authentication (MFA): Required for all accounts
  • Role-Based Access Control (RBAC): Granular permission management
  • Single Sign-On (SSO): SAML 2.0 and OIDC support
  • Principle of Least Privilege: Minimal access by default

Data Protection

Data Residency

We offer data residency options in UAE, India, and Singapore to meet regulatory requirements. Enterprise customers can specify their preferred data location.

Data Retention

  • Configurable retention policies
  • Secure data deletion with cryptographic erasure
  • Audit trail for all data operations

Backup & Recovery

  • Automated daily backups with encryption
  • Point-in-time recovery capability
  • Geographic redundancy for disaster recovery
  • Regular recovery testing

AI Model Security

  • Model Isolation: Customer data never used for model training
  • Input Validation: Sanitization of all AI inputs
  • Output Filtering: PII detection and redaction
  • Adversarial Testing: Regular testing against attacks

Monitoring & Response

  • 24/7 Security Operations Center (SOC)
  • Real-time threat detection and alerting
  • Incident response team with defined SLAs
  • Regular tabletop exercises and drills

Penetration Testing

We conduct annual third-party penetration tests and continuous bug bounty programs. Enterprise customers can request test reports under NDA.

Vendor Security

All third-party vendors undergo security assessment before onboarding. We maintain a vendor risk management program with ongoing monitoring.

Security Contact

To report security vulnerabilities or for security inquiries:

  • Email: security@krexum.ai
  • PGP Key: Available upon request

We appreciate responsible disclosure and respond to all reports within 24 hours.