CerebrumX
THE BRAIN BEHIND YOUR COMPANY

Security & Trust

Last updated: 24 June 2026

CerebrumX connects to the tools your team already uses and turns your conversations into a searchable company memory. That means you're trusting us with sensitive data — so this page explains, in plain terms, exactly what we access, how we protect it, who else touches it, and the controls you keep.

What we access — and what we never do

How your data is handled

Our security practices

We're an early-stage company and we believe in being straight about it: we are not yet SOC 2 certified, and we won't claim certifications we don't hold. We're happy to talk through our practices directly with your security team.

Subprocessors

We use a small number of trusted providers to run the service. We don't sell your data, and we never use it for advertising.

ProviderPurpose
SupabaseDatabase, authentication & storage (hosted on AWS)
Anthropic (Claude)AI extraction of decisions/actions from your text. Per Anthropic's API terms, your data is not used to train their models.
VercelApplication & API hosting
StripePayment processing
ResendTransactional email (invites, reports)
SentryError monitoring

Your controls, in one place

Reporting a vulnerability

Email: support@cerebrumx.org with a subject line starting "SECURITY:"

Please include reproduction steps, the affected URL or endpoint, and the impact you believe the issue has.

We acknowledge every report within 48 hours and aim to resolve confirmed issues within 30 days. Critical issues (data exposure, account takeover, payment bypass) get immediate attention.

Safe harbor

If you make a good-faith effort to comply with this policy during your research, we will not pursue legal action against you, as long as you:

Contact

Security & privacy questions: support@cerebrumx.org