SoluCortex SoluCortex
Blog Docs Contact 🇪🇸
Terms Privacy Security
EN · Security

SoluCortex Security Overview

Last updated: 06/07/2026 Security contact: legal@soluai.cl

1. Introduction

SoluCortex is designed as a software-as-a-service platform for managing structured technical memory for software projects. Because the platform may store project context, architecture information, technical decisions, risks, conventions, bug history, technical debt, sensitive module descriptions, external integrations and related metadata, security is an important part of the way SoluCortex is designed, operated and improved.

This Security Overview explains, at a high level, some of the security practices, safeguards and operational principles used by SoluAI in connection with SoluCortex.

This document is provided for transparency and informational purposes. It does not replace the SoluCortex Terms and Conditions, Privacy Policy, Data Processing Addendum or any separate written agreement with SoluAI.


2. Security Approach

SoluAI applies commercially reasonable technical and organizational measures designed to protect SoluCortex, Customer Content, Account data, project memories, API access and related systems against unauthorized access, misuse, alteration, disclosure, disruption or destruction.

Security measures may evolve over time as the platform, infrastructure, providers, risks and technical requirements change.

SoluAI may update, improve or replace specific security controls from time to time in order to maintain or improve the security, reliability and integrity of the Service.


3. Account and Access Protection

SoluCortex uses access controls and authentication mechanisms designed to help ensure that only authorized Users can access Accounts, Workspaces, projects and related Customer Content.

Customers are responsible for managing their Users, permissions, roles, credentials and access configurations.

Recommended customer practices include:

  • using strong and unique passwords;
  • limiting access to authorized Users only;
  • removing Users who no longer require access;
  • protecting email accounts used for authentication;
  • avoiding credential sharing;
  • reviewing permissions periodically;
  • promptly notifying SoluAI of suspected unauthorized access.

4. API Key Protection

SoluCortex may provide API access so Customers can connect project memories, external tools, automations or AI-assisted workflows.

API keys are not intended to be stored in plain text after creation. SoluCortex may store protected representations of API keys or use other suitable mechanisms so that original API keys cannot normally be retrieved after generation.

Customers are responsible for protecting API keys and access tokens.

Recommended practices include:

  • storing API keys securely;
  • never exposing API keys in public repositories;
  • rotating keys when compromise is suspected;
  • using separate API keys for different projects or environments when available;
  • revoking unused keys;
  • limiting access to API keys to authorized personnel only.

5. Project Isolation

SoluCortex is designed to support project-level separation of memories and context.

Project isolation controls are intended to help ensure that Users, API keys or integrations can only access the projects, Workspaces, memories and resources for which they are authorized.

Customers should carefully configure project access, User permissions and integration scopes to reduce the risk of unauthorized access or accidental exposure.


6. Session and Authentication Safeguards

SoluCortex may use session protection mechanisms designed to reduce the risk of unauthorized session reuse, forgery or access outside the intended context.

Such mechanisms may include secure session handling, token protection, expiration controls, signing, encryption or other safeguards appropriate to the Service architecture.

Users should avoid using SoluCortex from untrusted devices, public computers or insecure networks when accessing sensitive project information.


7. Rate Limiting and Abuse Prevention

SoluCortex may apply rate limits, usage thresholds, request controls or other safeguards to protect the Service against abuse, excessive usage, brute force attempts, scraping, automated misuse, denial-of-service activity or infrastructure overload.

SoluAI may monitor, restrict, throttle, block, suspend or disable traffic, API keys, Accounts, Workspaces, Users, integrations or features where reasonably necessary to protect the security, availability, performance or integrity of the Service.


8. SSRF and External Request Protection

Where SoluCortex supports integrations, webhooks, external endpoints or automated requests, SoluAI may implement safeguards designed to reduce the risk of server-side request forgery and related abuse.

Such safeguards may include blocking or restricting requests to private IP ranges, loopback addresses, cloud metadata endpoints or other internal resources where applicable.

Customers are responsible for ensuring that any external endpoints, webhook URLs or integrations they configure are secure, authorized and properly maintained.


9. Production Environment Protection

SoluAI uses commercially reasonable efforts to ensure that production environments do not expose debug information, stack traces, environment variables, internal configuration or sensitive system information to unauthorized Users, browsers or API responses.

Internal errors, logs and diagnostic information are intended to be handled through controlled operational processes.


10. Customer Content and Sensitive Information

SoluCortex is designed to manage structured technical memory. It is not intended to be used as a password manager, secrets vault, regulated health record system, payment card storage system, legal archive, financial record system or specialized repository for highly regulated data unless expressly stated by SoluAI in writing.

Customers should avoid uploading unnecessary sensitive information, including:

  • passwords;
  • private keys;
  • production secrets;
  • access tokens;
  • payment card data;
  • government identifiers;
  • health information;
  • biometric data;
  • children’s data;
  • financial account credentials;
  • third-party confidential information that the Customer is not authorized to process.

Customers are responsible for ensuring that any information uploaded to SoluCortex is lawful, authorized and appropriate for the Service.


11. Infrastructure and Third-Party Providers

SoluCortex may rely on third-party infrastructure, hosting, database, artificial intelligence, payment, email, analytics, monitoring, logging, security or support providers.

SoluAI uses commercially reasonable efforts to select providers appropriate for the operation of the Service and to ensure that relevant providers are subject to appropriate contractual, confidentiality, privacy or security obligations according to the nature of the service.

The availability, performance and security of SoluCortex may depend in part on Third-Party Services.


12. Backups and Recovery

SoluAI may maintain backups, snapshots, logs or other copies of Customer Content, Account data and system data for disaster recovery, business continuity, security, debugging, legal compliance, operational integrity and service restoration.

Backups are not a replacement for the Customer’s own backup, export or archival practices.

Customers should maintain their own copies of any information they need to preserve independently from SoluCortex.

Backup retention and deletion are handled according to SoluAI’s operational processes and the applicable Terms and Privacy Policy.


13. Monitoring and Logging

SoluAI may collect logs, request metadata, performance data, error reports, security events and system activity to operate, secure, troubleshoot, improve and protect SoluCortex.

Monitoring and logging may be used to:

  • detect suspicious activity;
  • investigate errors or incidents;
  • measure performance;
  • prevent abuse;
  • enforce usage limits;
  • support security operations;
  • maintain service reliability.

14. Security Incidents

If SoluAI becomes aware of a security incident that materially affects Customer Content or personal data processed through SoluCortex, SoluAI will take commercially reasonable steps to investigate, contain and mitigate the incident.

Where required by applicable law, applicable agreements or SoluAI’s internal assessment, SoluAI will notify affected Customers or Users without undue delay, considering the nature of the incident, available information, security needs, legal requirements and remediation efforts.


15. Vulnerability Reporting

Customers, Users and security researchers should report suspected vulnerabilities, security weaknesses or misconfigurations to SoluAI through the contact channels made available by SoluAI.

Unless expressly authorized in writing by SoluAI, Customers, Users and third parties must not conduct penetration testing, vulnerability scanning, load testing, stress testing, scraping, automated probing, reverse engineering or similar security testing against SoluCortex.

Reports should be made responsibly and should not involve exploiting, disclosing, accessing, modifying, destroying, exfiltrating or misusing any data, Account, system or functionality.


16. Customer Security Responsibilities

Security is a shared responsibility.

SoluAI is responsible for implementing commercially reasonable safeguards for the platform and related systems under its control.

Customers and Users are responsible for:

  • protecting credentials and devices;
  • managing Users and permissions;
  • securing API keys and tokens;
  • configuring integrations safely;
  • securing external endpoints and webhooks;
  • avoiding unnecessary upload of sensitive information;
  • maintaining backups of important data;
  • complying with applicable laws, internal policies and third-party obligations;
  • promptly reporting suspected unauthorized access or security incidents.

17. No Absolute Security

No software, cloud service, network, storage method, transmission, integration, artificial intelligence system or internet-based service can be guaranteed to be completely secure, uninterrupted or error-free.

This Security Overview describes general security practices and does not create any absolute guarantee, warranty, SLA or certification.

Use of SoluCortex remains subject to the SoluCortex Terms and Conditions, Privacy Policy and any applicable written agreement with SoluAI.


18. Contact

For security-related questions or vulnerability reports, contact:

SoluAI SpA
SoluCortex Security Contact
Email: legal@soluai.cl
Santiago, Chile SoluCortex keeps auditable records for memory creation, approval, retrieval and archival events. Project-level memory governance may be configured to allow or block auto-approval, but all resulting decisions are logged with the policy applied at the time of creation.

SoluCortex · 2026 · Terms · Privacy · Security · https://solucortex.ai
Cookies — Usamos cookies esenciales para el funcionamiento de la plataforma y, si aceptas, cookies de analítica (Google Analytics) para mejorar el servicio. Política de Privacidad