Skip to main content
Curate King logoCurate King

CurateKing

Security & trust

The safeguards, policies, and practices we use to protect your workspace data and keep CurateKing reliable for your team.

← Back to home

Last reviewed: September 25, 2025

CurateKing is built for collaboration and consistency. We invest in security so that your team can focus on creating, not worrying about unauthorized access or data loss. Below is an overview of our current program.

1. Infrastructure & data protection

  • All traffic is encrypted in transit via TLS 1.2+ and HSTS.
  • Production data is stored in encrypted databases with daily backups and point-in-time recovery.
  • Secrets are managed through isolated environment variables and rotated regularly.
  • We separate production and staging environments and restrict access based on least privilege.

2. Application security

  • Passwords are hashed with industry-standard algorithms (bcrypt) before being stored.
  • Multi-factor authentication is available for all accounts and strongly recommended.
  • Role-based permissions ensure teammates only see the Sites, prompts, and analytics they need.
  • Automated dependency monitoring alerts us to vulnerable packages so we can patch quickly.

3. Operational practices

  • Employee access to customer data is limited to vetted personnel with business need and audit logging.
  • All laptops use full-disk encryption, strong passwords, and automatic screen locking.
  • We provide regular security awareness training and phishing simulations for the CurateKing team.
  • Incident response playbooks define how we triage, communicate, and remediate issues.

4. Reliability & monitoring

  • Real-time monitoring covers uptime, latency, and background jobs with alerting to our on-call engineers.
  • We run automated tests and CI/CD checks before deploys and use progressive rollouts to reduce risk.
  • Public availability is tracked on our status page, including incident history and uptime metrics.
  • Business continuity plans include redundant infrastructure and tested recovery procedures for critical services.

5. Responsible disclosure

We welcome reports from the security community. If you discover a vulnerability or suspect unauthorized access, please email security@curateking.com. Include relevant details so we can reproduce the issue. We aim to acknowledge new submissions within two business days.

6. Compliance roadmap

CurateKing follows industry best practices today and is actively investing toward SOC 2 Type II readiness. We will update this page as certifications are achieved and policies evolve.

7. Questions or requests

Need a signed DPA, penetration test summary, or have another security question? Reach out at security@curateking.com or contact us via the support form. We are happy to help.