Security at Capitalyx

Your financial data is sensitive. We treat it that way — with enterprise-grade encryption, certified infrastructure, and a commitment to transparency.

AES-256 Encryption
TLS 1.3
GDPR Compliant
SOC2-Ready

🔐 Data Encryption
· AES-256 encryption at rest for all stored data
· TLS 1.3 in transit — all connections are encrypted
· Encryption keys managed via cloud KMS
· Database backups encrypted end-to-end

🛡️ Access Control
· Authentication via Clerk — SOC 2 Type II certified
· Multi-factor authentication (MFA) supported
· Session management with automatic timeout
· Role-based access controls within organizations

☁️ Infrastructure
· Hosted on Vercel Edge Network — global CDN
· Neon Postgres — enterprise-grade managed database
· Isolated tenant data — your data is never shared
· Automatic failover and high availability

🌍 Privacy & GDPR
· GDPR compliant — full data subject rights
· We never sell, rent, or trade your data
· Data deletion within 30 days on request
· Data residency: US-East (Neon, Vercel)

Incident Response
· Continuous monitoring and alerting via Sentry
· Security incidents disclosed within 72 hours
· Automated threat detection on all API routes
· Regular security reviews and penetration testing

🔍 Responsible Disclosure
· We welcome security researchers
· Report vulnerabilities to support@capitalyx.com
· We respond to all reports within 5 business days
· No legal action against good-faith researchers

Questions about security?
Our team responds to all security inquiries within 5 business days.
support@capitalyx.com