Security Overview

We protect your data.

All data is written to multiple disks instantly, backed up multiple times per day, and stored in multiple locations. We use modern techniques and leverage a Virtual Private Cloud based on Amazon Web Services.

Your data is sent using HTTPS.

Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS. Our backups of your data are encrypted using AES.

Full redundancy for all major systems.

Our servers are distributed across multiple Availability Zones (AZ) inside Amazon Web Services operating a full redundancy. Our systems are engineered to stay up even if multiple entire AZs fail.

Want to know more?

Drop us a line if you have other security questions and we’ll get back to you as quickly as we can.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please visit our scroll down for details on how to securely submit a report.


Curiosity security response

We appreciate your concern

Keeping user data and parnet data safe and secure is a huge responsibility and a top priority. We work hard to protect our users and partners from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems

Send urgent or sensitive reports directly to Use our public key (or grab it via DNS TXT record using PKA:

gpg --auto-key-locate pka -ea -r

) to keep your message safe and please provide us with a secure way to respond. We’ll get back to you as soon as we can, usually within 24 hours. Please follow up or ping us on Twitter (@curiositydotcom) if you don’t hear back.

Tracking and disclosing security issues

We work with security researchers to keep up with the state-of-the-art in web security. Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

We’ll acknowledge your report & tell you the best way to track the status of your issue.

We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until our investigation is finished, but we’ll work with you to ensure we fully understand the issue. Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery if you want credit. Our products are built using Python and Clojure running on Linux hosted by AWS. The issue you reported might affect one or more areas of our technology stack. We ask for your patience while we also make sure other companies and open source projects are protected. Either way, you’ll always have a Curiosity contact for your issue.

Thanks for working with us

We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely: 

Last modified: February 9, 2017