Security at Cursus

Your revenue data is sensitive. This is how we handle it.

SOC 2 Compliant Infrastructure

Cursus runs on infrastructure providers that maintain SOC 2 reports (Supabase, Vercel, Render), so the hosting, storage and network controls those reports cover are inherited by the platform. Your data is stored in PostgreSQL hosted by those providers, and their reliability and compliance controls apply to it.

Encryption

All traffic, including API calls, is served over HTTPS with TLS 1.2 or newer, and data is encrypted at rest using AES-256. Every response carries security headers: HSTS (so browsers refuse to downgrade to plain HTTP), X-Frame-Options, and a Content Security Policy (CSP).

Row-Level Security

Every application table has PostgreSQL Row-Level Security (RLS) enabled, with policies that restrict each query to the rows owned by the requesting user. Playbooks, audits, lab results, and uploaded documents are therefore isolated at the database level, not only in application code: a query that omits a user filter still cannot return another user's rows.
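The policy pattern described above, written out as an added illustration rather than Cursus's own schema: a hypothetical playbooks table keyed on an owner_id column, with per-operation RLS policies that compare it to auth.uid(), the helper Supabase defines to read the user id (the JWT sub claim) from the caller's verified token. The table, its columns, and the policy names are assumptions; the authenticated role, auth.uid() and the request.jwt.claims setting are Supabase's.

```sql
-- Hypothetical table; Cursus's real schema is not shown on this page.
create table if not exists playbooks (
  id         uuid primary key default gen_random_uuid(),
  owner_id   uuid not null references auth.users (id) on delete cascade,
  title      text not null,
  body       text not null default '',
  created_at timestamptz not null default now()
);

-- Enable RLS. Without this line every policy below is ignored and any role
-- with table privileges can read all rows.
alter table playbooks enable row level security;

-- Apply RLS to the table owner as well; by default the owning role bypasses it.
alter table playbooks force row level security;

-- Read: only rows whose owner_id matches the uid carried in the caller's JWT.
create policy playbooks_select_own on playbooks
  for select
  to authenticated
  using (owner_id = auth.uid());

-- Insert: WITH CHECK is evaluated against the new row, so a user cannot
-- create a row that belongs to someone else.
create policy playbooks_insert_own on playbooks
  for insert
  to authenticated
  with check (owner_id = auth.uid());

-- Update: USING picks which rows may be touched, WITH CHECK prevents
-- re-assigning the row to another owner.
create policy playbooks_update_own on playbooks
  for update
  to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy playbooks_delete_own on playbooks
  for delete
  to authenticated
  using (owner_id = auth.uid());

-- Check 1: impersonate a user in a transaction the way Supabase's API layer
-- does (role switch plus JWT claims in a session setting), then query.
begin;
set local role authenticated;
set local request.jwt.claims to
  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}';
select id, title from playbooks;   -- only rows with that owner_id come back
rollback;

-- Check 2: the "every table" claim. Any public table listed here has RLS
-- switched off and is readable without a policy.
select schemaname, tablename
from pg_tables
where schemaname = 'public' and not rowsecurity;
```

Two caveats worth keeping in mind when reading a claim like this: policies only bite on tables where RLS is actually enabled (hence the second check), and roles with the BYPASSRLS attribute, such as the Supabase service_role key used by server-side code, see every row regardless, so database-level isolation holds for requests that reach PostgreSQL under the user's own JWT.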

AI Data Policy

We never use your data to train AI models. Your company profile, playbook content, and uploaded documents are sent to AI providers (Anthropic Claude, OpenAI) in real time, only for the request that generates content. The providers do not retain this data beyond the request lifecycle and do not use it for model training.

Authentication

Authentication is handled by Supabase Auth, which issues JWTs signed with ES256 (ECDSA over the P-256 curve with SHA-256), so tokens can be verified against a public key without sharing a secret. We support email/password login and OAuth via Google and LinkedIn. Passwords are hashed using bcrypt. Sessions expire automatically and can be revoked.

Data Ownership & Portability

You own your data. You can export your playbook content at any time as PDF, Word (DOCX), or Markdown, and the Notion and Confluence integrations export directly to your team wiki. You can permanently delete your account and all associated data from the Settings page.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@cursuslabs.com. We take all reports seriously and will respond within 48 hours.

Questions?

For security-related inquiries, vendor security questionnaires, or compliance documentation requests, contact security@cursuslabs.com.