Struxen Security and Privacy
This page documents the security controls, data practices, and contractual commitments that govern how Struxen handles your organization’s data. All claims on this site reflect the system as it operates today unless explicitly noted otherwise.
Last updated: May 8, 2026
Control Highlights
The following is a summary of key controls. The Controls page contains full descriptions and implementation status for every control.
Sign-in uses Secure Remote Password protocol; passwords are never transmitted to or stored by our servers.
Time-based one-time passwords (TOTP) are available to every user via any standard authenticator app.
Two-layer authorization (organization role + project role) is enforced server-side on every API request.
Every mutation, sensitive read, authentication event, and permission denial is written to an append-only log scoped to your organization.
All data is encrypted at rest (AES-256, AWS KMS-managed keys) and in transit (TLS 1.2 or higher).
Sub-processors
We use 18 vendors across 8 categories: cloud infrastructure, AI models, engineering, observability, productivity, communications, billing, and optional integrations. All core platform data is hosted on Amazon Web Services in the United States.
See the full sub-processor listDocuments Available
Compliance Posture
Struxen is engineered against the AWS Well-Architected Security Pillar, OWASP Top 10 application-security guidance, and GDPR & CCPA data-protection principles. The compliance page details the contractual commitments (DPA, SCCs) and frameworks our controls map to.
See our full compliance postureReporting a Security Issue
If you believe you have found a security vulnerability in any Struxen surface (the application, the marketing site, an API, or an email), email security@struxen.io. Include reproduction steps and the impact you observed. We will acknowledge every report within two business days.
We respond to vendor security questionnaires (CAIQ, SIG Lite, custom) and can schedule a call with your security team. Email security@struxen.io with the subject “Vendor security review.”
Need this in a questionnaire?
We respond to vendor security questionnaires (CAIQ, SIG Lite, custom) and can schedule a call with your security team.
