Security
Encrypted. Scoped.
Logged.
The controls that keep your business — and your clients’ data — safe. Everything below is live in the product today, and you can see it for yourself.
Live in the product today You stay in control
Encryption
Your secrets, encrypted — and never in the open.
Every credential and API key you store is encrypted with AES-256-GCM before it touches the database, and decrypted only when it’s needed. Traffic to and from CNEX-Flow is protected with TLS.
AES-256-GCM at rest
Authenticated, industry-standard encryption for every stored credential and secret.
Out of your code
Credentials live in an encrypted vault — never hard-coded or sitting in plain config.
Protected in transit
Every connection to CNEX-Flow is encrypted with TLS.
Sign-in security
Getting in is the hard part — for everyone but you.
Layers that work quietly in the background to keep accounts in the right hands.
Multi-factor authentication
Add a second factor — authenticator app, SMS or email — and require it on unfamiliar devices.
Automatic lockout
Too many failed attempts and the account locks itself, no admin needed.
New-device alerts
Sign in from somewhere new and we email you — with the device and rough location.
Bot defense
reCAPTCHA and rate limits keep automated attacks off your sign-in page.
Strong password hashing
Passwords are hashed with Argon2 — we never store them in the clear.
Every login logged
Each sign-in is recorded with device, location and time.
Access control
Everyone sees exactly what they should. In layers.
Permissions stack from the whole organization down to a single person — so access is least-privilege by default, and you grant exactly what’s needed, no more.
Permissions stack, broad → specific
- 1OrganizationThe baseline everyone starts from.
- 2AdminsElevated, minus owner-only actions.
- 3Job rolesPermissions by what someone does.
- 4DivisionsScoped per team or client — with inheritance.
- 5GroupsCross-cutting sets of people.
- 6IndividualFine-grained, per person.
A member’s effective permissions — every row traced to where it’s granted or denied.
Least-privilege by default
New members start with the minimum, and you add from there.
Four-eyes approval
Sensitive actions can require a second admin to sign off before they run.
Every organization isolated
One organization’s data is walled off from every other — enforced on every request.
Your AI, scoped
Your AI is scoped like a teammate — not a master key.
Connekz works inside the same permissions as the person directing it. It only reaches the data, tools and credentials in its lane — and it’s checked before it acts.
It inherits your permissions
The AI sees what you’d see — never more.
Scoped credentials
It can only pull secrets for the organization and project it’s working on.
Checked before it acts
Every action is permission-gated. Denied means denied.
Audit & ownership
Everything’s on the record. And your data stays yours.
On the record
- Logins, permission changes and approvals are all logged.
- Permission changes capture the before and after.
- The log can’t be quietly edited after the fact.
Yours to keep — or take
- Delete your account, or your whole organization, whenever you want.
- Export your data and your chat history.
- A 30-day recycle bin catches mistakes before they’re gone.
Ready when
you are.
Start your free month. See what your team does with Connekz working alongside.
- 30-day free trial
- Cancel anytime