🔒 Security at CreonOS
Last Updated: February 4, 2026
Security is Our Priority
CreonOS handles sensitive code and proprietary projects. We implement enterprise-grade security measures to protect your data and maintain platform integrity.
✅ TLS 1.3 Encryption
✅ SOC 2 Hosting
✅ Bcrypt Passwords
✅ Rate Limiting
✅ CSRF Protection
✅ Regular Audits
1. Infrastructure Security
1.1 Hosting & Compliance
- Railway Infrastructure: SOC 2 Type II certified cloud platform
- Data Centers: Multi-region redundancy with automatic failover
- Network Security: DDoS protection, firewall rules, intrusion detection
- Compliance: GDPR, UK Data Protection Act 2018, ISO 27001 aligned
1.2 Encryption
- Data in Transit: TLS 1.3 with perfect forward secrecy
- Data at Rest: AES-256 encryption for database and file storage
- Passwords: Bcrypt hashing with salt (minimum 10 rounds)
- API Keys: Encrypted at rest, never logged in plain text
2. Application Security
2.1 Authentication & Authorization
- JWT Tokens: Secure session management with expiration
- Session Timeout: 30-day rolling expiration
- Password Requirements: Minimum 8 characters, complexity enforced
2.2 API Security
- Rate Limiting: 100 requests/minute per IP, 1000/hour per user
- CORS Policy: Strict origin validation
- Input Validation: Pydantic models with type checking
3. Vulnerability Disclosure Program
🐛 Found a Security Issue? We Want to Hear From You.
CreonOS welcomes responsible disclosure of security vulnerabilities. If you discover a security issue, please report it privately rather than publicly disclosing it.
How to Report
Email: security@creonai.co.uk
Our Commitment
- Acknowledgment: Within 24 hours of your report
- Updates: Progress reports every 72 hours
- Fix Timeline: Critical issues patched within 7 days
- No Legal Action: We will not pursue legal action against good-faith security researchers
4. Contact Security Team
For security concerns, questions, or reports:
Email: security@creonai.co.uk
Support: support@creonai.co.uk
Emergency: security-emergency@creonai.co.uk (critical issues only)
Response Times:
- Critical vulnerabilities: < 4 hours
- High severity: < 24 hours
- Medium/Low severity: < 72 hours
Security Summary: CreonOS uses enterprise-grade security (TLS 1.3, AES-256, bcrypt, rate limiting, SOC 2 hosting). Your code is isolated, encrypted, and never used for AI training without consent. Found a vulnerability? Email security@creonai.co.uk.