
Curvestone Security.

Enterprise security for highly confidential compliance data. ISO 27001 certified. UK/EEA hosted. Zero data retention.

Defense in depth: 4 layers

  • Audit: Every action logged with timestamps
  • Access: SSO + role-based controls
  • Encryption: TLS in transit, AES-256 at rest
  • Your data: UK / EEA hosted · Zero retention by default

Standards

Independently verified.

ISO 27001

Independently audited information security management system. Annual third-party certification.

UK/EEA Hosted

Data processed and stored within UK/EEA data centres on Microsoft Azure. Your data stays where your regulations require.

Data handling

How we protect your data.

Your data stays yours

Documents and case data cannot be accessed by the Curvestone team. Encrypted in transit (TLS 1.2+) and at rest (AES-256). Nothing shared, sold, or used for any purpose beyond your compliance checks.

Zero data retention

Your data is never stored beyond processing. Zero retention by default. Configurable retention where required by your compliance framework.

Never used to train models

Your data is never used to train AI models — ours or anyone else's. Architecturally enforced, not just a policy decision.

Full audit trail

Every action, decision, and data access is logged with timestamps. Complete traceability for regulatory compliance and internal audit.

Flexible deployment

Cloud-hosted on Microsoft Azure (SaaS), or deployed within your own secure Azure environment. Choose the model that meets your requirements.

Access controls

Role-based access control, SSO integration (SAML, OIDC), and granular permissions. Auto-provisioning via Azure AD group claims.

Access controls

Role-based access, policy-enforced.

SSO via SAML or OIDC, auto-provisioning through Azure AD group claims, and granular per-workflow permissions. The same review pipeline enforces the same guardrails for every user — no side doors, no ad-hoc access.

  • SSO · SAML and OIDC
  • Auto-provisioning via Azure AD group claims
  • Per-workflow, per-action permissions
  • Session-scoped API keys, rotated per tenant

Compliance

What we comply with.

  • ISO 27001: Certified
  • GDPR: Compliant
  • UK Data Protection Act 2018: Compliant
  • FCA-aligned data handling: Yes
  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.2+
  • Penetration testing: Annual · CREST-certified
  • Data residency: UK/EEA · Microsoft Azure

Where it runs

Hosted by us, or in your own environment.

Cloud-hosted (SaaS)

Curvestone hosted on Microsoft Azure. Managed infrastructure, automatic updates, no IT overhead. Suitable for most regulated firms.

Private cloud

Deployed within your own Azure environment. Your infrastructure, your network controls, your data boundary. Full isolation for firms with the strictest data handling requirements.

FAQ

Common security questions.

Questions about security?

For security reviews, DPA requests, or to report a vulnerability — contact our security team directly.

Need the detail?

We share security documentation, penetration test results, and compliance certifications directly with your security or procurement team.