Cirquto

Security & Trust

Version 1.0Last updated: 6 March 2026

Cirquto is designed with security and reliability as core principles. This page outlines the measures we implement to protect customer data.

1. Infrastructure

Cirquto uses secure, professionally managed cloud infrastructure providers including:

  • Render — application hosting
  • Supabase — database and authentication
  • Redis — performance caching and real-time features

All infrastructure providers maintain their own security certifications and compliance programmes.

2. Encryption

  • Data is encrypted in transit using TLS.
  • Database storage is encrypted at rest via the infrastructure provider.

3. Access Controls

  • Role-based access control (RBAC) within the platform.
  • Internal access to production systems is restricted to authorised personnel on a least-privilege basis.
  • Authentication is handled via secure credential management.

4. Multi-Tenant Isolation

Customer workspaces are logically isolated using tenant-level access controls. Each workspace operates independently with its own data boundary, ensuring that one customer’s data is never accessible to another.

5. Audit Logging

The platform maintains audit logs of significant system events, including user actions, automation triggers and administrative changes. These logs support compliance and incident investigation.

6. Monitoring

Cirquto monitors system health, performance and security events. Alerts are configured to detect anomalies and respond to incidents promptly.

7. Incident Response

Cirquto maintains an incident response process to handle security events. In the event of a data breach affecting customer data, we will notify affected customers without undue delay as described in our Data Processing Agreement.

8. Vendor Security

Third-party service providers (sub-processors) are evaluated for their security practices before engagement. A current list of sub-processors is available at /subprocessors.

9. Development Practices

  • Code is version controlled and reviewed before deployment.
  • Dependencies are monitored for known vulnerabilities.
  • Environments are separated between development, staging and production.

10. Continuous Improvement

We regularly review and enhance our security measures as the platform evolves and as industry standards develop.

11. Contact

For security related enquiries contact security@cirquto.com.