Security at Crux

Crux is committed to keeping your data secure.

Data Protection

Crux protects data both in transit and at rest.

  • Data in Transit – TLS v1.2+ encryption 
  • Data at Rest – AES 256 encryption
  • Secret Management – User account passwords are encrypted at the application level before being stored in the database.  Application secrets are encrypted at rest and access is strictly limited.

Secure Development

Secure development best practices have been integrated into the Crux software development lifecycle.  

  • Code repository controls
  • Deployment controls
  • Peer code review
  • Penetration testing
  • Security training for engineers
  • Separation of development, staging, demo, and production environments
  • Threat modeling
  • Vulnerability scanning

Infrastructure Security

Crux is hosted by Supabase and Vercel, which host their services on Amazon Web Services, Azure, and Google Cloud Platform.  Supabase and Vercel share our commitment to security and have achieved compliance with numerous frameworks including SOC 2 Type 2.

Company Policies and Procedures

Crux’s security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant organizational change.

  • Security Policies and Training – All employees go through required training upon hire that is renewed annually.  Policies include:
      • Access Control
      • Asset Management
      • Code of Conduct
      • Cryptography
      • Data Management
      • Human Resources Security
      • Information Security
      • Operations Security
      • Risk Management
      • Secure Development
      • Third-Party Management
  • Platform Security – Ongoing security activities include:
      • Application log alerting, analysis, and retention
      • Penetration testing
      • Vulnerability scanning
  • Incident Response Planning & Team – In place to handle any significant security event, triaging and responding to establish system resiliency, minimize impact, and protect customer data.
  • Regular Third-Party Security Review – Identifies and evaluates security risks of vendors and third parties.

Standards and Certifications

Crux is committed to establishing and maintaining compliance with key information security and regulatory standards starting with Service Organization Control (SOC) 2.  We are scheduled to complete a 6-month SOC 2 audit observation period in May 2024 with an industry-leading auditor with specific expertise in fintech.

Upon completion, Crux’s SOC 2 Type 2 report will be available for limited distribution and shared under non-disclosure agreements.

Helpful Links

  • Supabase Security – https://supabase.com/security
  • Vercel Security – https://vercel.com/security 

Security at Crux

Crux is committed to keeping your data secure.

Standards and certifications

Crux is committed to establishing and maintaining compliance with key information security and regulatory standards, starting with Service Organization Control (SOC) 2. In May 2024, we finished our six-month SOC 2 Type 2 audit observation period with an industry-leading auditor with specific expertise in fintech. Crux has SOC 2 Type 2 attestation for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Crux’s SOC 2 Type 2 report is available for limited distribution and shared under non-disclosure agreements.

Data protection

Crux protects data both in transit and at rest.

Data in transit

TLS v1.2+ encryption

Data at rest

AES 256 encryption

Secret management

User account passwords are encrypted at the application level before being stored in the database. Application secrets are encrypted at rest and access is strictly limited.

Secure development

Secure development best practices have been integrated into the Crux software development lifecycle:

  • Code repository controls
  • Penetration testing
  • Threat modeling
  • Deployment controls
  • Security training for engineers
  • Vulnerability scanning
  • Peer code review
  • Separation of development, staging, demo, and production environments

Infrastructure security

Crux is hosted by Supabase and Vercel, which host their services on Amazon Web Services, Azure, and Google Cloud Platform. Supabase and Vercel share our commitment to security and have achieved compliance with numerous frameworks, including SOC 2 Type 2.

Company policies and procedures

Crux’s security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant organizational change.

Security policies and training

All employees go through required training upon hire that is renewed annually. Policies include:

  • Access control
  • Data management
  • Risk management
  • Asset management
  • Human resources security
  • Secure development
  • Code of conduct
  • Information security
  • Third-party management
  • Cryptography
  • Operations security

Platform security

Ongoing security activities include:

  • Application log alerting, analysis, and retention
  • Penetration testing
  • Vulnerability scanning

Incident response planning and team

An incident response plan and team are in place to handle any significant security event, triaging and responding to establish system resiliency, minimize impact, and protect customer data.

Regular third-party security review

A regular third-party security review identifies and evaluates security risks of vendors and third parties.