Security Overview

Our infrastructure is built on industry-leading cloud platforms with enterprise-grade security:

• Hosted on Vercel's secure edge network with automatic DDoS protection
• Database hosted on Neon with automated backups and point-in-time recovery
• All services run in isolated containers with minimal attack surface
• Regular security patches and updates applied automatically
• Multi-region redundancy for high availability

We work with trusted sub-processors who meet our strict security standards:

All sub-processors are bound by strict data processing agreements and security requirements.

We maintain compliance with industry standards and regulations:

• GDPR: Full compliance with EU data protection regulations
• CCPA: California Consumer Privacy Act compliance
• TCPA: Telephone Consumer Protection Act compliance for calls and SMS
• HIPAA: Available for healthcare customers (contact sales)
• SOC 2 Type II: In progress (expected Q2 2025)

In the unlikely event of a security incident:

• We will notify affected customers within 72 hours
• Our security team will investigate and contain the incident immediately
• We will provide regular updates throughout the resolution process
• A post-incident report will be shared with affected customers

To report a security vulnerability, email security@crixin.com

• All employees undergo background checks and security training
• Access to customer data is strictly limited on a need-to-know basis
• Multi-factor authentication (MFA) required for all internal systems
• Regular security awareness training and phishing simulations
• Confidentiality agreements signed by all team members