Security

Security is foundational

We treat security as a core product requirement, not a checkbox. Every system we build is designed with security in mind from day one.

Celix

Our security principles

The foundational beliefs that guide our security decisions.

Least Privilege

Access is granted on a need-to-know basis. Systems and people only have the permissions required to perform their specific functions.

Encryption Everywhere

Data is encrypted in transit and at rest. We use industry-standard encryption protocols and regularly rotate keys.

Secure by Default

Security is not an afterthought. Every feature is designed with security considerations from the start, not bolted on later.

Transparency

We are open about our security practices. When incidents occur, we communicate clearly and take responsibility.

Celix

Data handling

How we approach the data you trust us with.

Minimal Collection

We collect only the data necessary to provide our services. If we do not need it, we do not ask for it.

Purpose Limitation

Data is used only for the purpose it was collected. We do not sell user data or use it for unrelated purposes.

Retention Limits

We retain data only as long as necessary. When data is no longer needed, it is securely deleted.

User Control

Users can access, export, and delete their data. We provide tools to make data management straightforward.

Infrastructure security

Our infrastructure is hosted on industry-leading cloud providers with robust security certifications. We implement defense in depth, with multiple layers of protection at every level.

Network access is strictly controlled, and all production systems are isolated and monitored. We use infrastructure as code to ensure consistent, auditable configurations.

Security practices

  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Secure software development lifecycle
  • Employee security training
  • Incident response procedures
  • Regular backup and disaster recovery testing

Compliance

We follow industry best practices for security and privacy. While we may not hold specific certifications at this stage, we implement controls that align with recognized frameworks.

As we grow, we will pursue formal certifications appropriate to the markets we serve. Our commitment to security does not depend on having a certificate—it is how we operate.

Responsible disclosure

We take security reports seriously. If you discover a potential security vulnerability in any of our products, we encourage you to report it responsibly.

Please email security concerns to contact@celix.co. We will acknowledge receipt within 48 hours and work with you to understand and address the issue.

When reporting, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Any relevant screenshots or logs
  • Your contact information