For IT & security teams
Security & Compliance
Corexi is a fully hosted SaaS product. It requires no on-premise installation, no firewall changes, and no inbound network access to your infrastructure.
Cloud-native SaaS
- Fully hosted — no on-premise installation, no VPN, no agent on your servers
- Your team accesses Corexi through a standard web browser (HTTPS)
- No software to install on your infrastructure
Network & firewall
- All connections are outbound HTTPS (port 443) — no inbound ports required
- No firewall changes, IP whitelisting, or VPN tunnels needed
- Visual scans access your public-facing URLs like any browser visitor
- Analytics integrations use outbound OAuth to provider APIs (GA4, Mixpanel, etc.)
- MCP calls go from the developer's IDE to Corexi's cloud API
Data protection
- EU-based data processing on EU infrastructure
- GDPR compliant by design
- Analytics credentials encrypted at rest (AES-256-GCM)
- Read-only API access to analytics — we never write to your data
- No PII collected from your end users
- No tracking scripts injected into your product
Compliance
- SOC 2 Type II — on the Q3 2026 roadmap
- SSO / SAML — on the Q3 2026 roadmap for Enterprise plan
- Audit log for all admin actions
- Data retention policies configurable per workspace
- Custom DPA available on request
Behavioral Snippet (optional)
- Lightweight JavaScript (< 5 KB gzipped), loaded from Corexi CDN
- Same deployment model as Google Analytics, Hotjar, or Clarity
- If your CSP restricts external scripts, whitelist pixel.corexi.ai
- No cookies set, no PII captured, no session replay
- Entirely optional — Corexi works without it
Questions from your IT team?
We're happy to jump on a call with your security or IT team to walk through our architecture. Custom DPAs available on request.