Skip to content
Elara-Cortex · security & procurement

Built for the review before the buy.

Everything your security and procurement teams need to clear Elara Route: where it runs, how your data is handled, and how we meet your requirements. Short, plain, and clear about what we have today and what is on the roadmap.

Where it runs

Deployment optionsPrivate cloud (your VPC), on-premise (a container in your data centre), or our managed cloud. Air-gapped delivery is available for defence and sovereign work.
Your data stays yoursThe routing engine receives only the problem instance you send (stops, vehicles, a matrix), never your demand model, your pricing, or your customer records. On-premise, nothing leaves your tenancy.
No training on your dataWe do not use your requests to train any model. There is no model. The engine is deterministic mathematics; the same input returns the same answer.

How your data is handled

API keys at restHashed with a peppered SHA-256, we never store the raw key. A leaked database does not expose a working key.
Offline route packetsThe downloadable route pack is encrypted and licence-bound (authenticated encryption); it only opens for the licensed device.
In transitHTTPS only, HSTS with a one-year max-age and subdomains. TLS is enforced at the edge.
LogsWe do not log raw request bodies or secrets. Telemetry is per-key counts, not your payloads.
DeletionAccount and key deletion on request; see the privacy policy. POPIA data-subject rights are honoured.

Application security

Input validationEvery field is parsed, finiteness- and range-checked before any compute. Malformed, non-finite or negative input is rejected with a typed 4xx, never a silent wrong answer.
Browser headersContent-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and a scoped Permissions-Policy on every response.
Abuse controlPer-key rate limiting; budgets are clamped to the plan ceiling so a single request cannot monopolise the service.
Verifiable answersEvery solver answer ships a certificate, coverage, capacity and a recomputed cost, that your own engineers re-check with arithmetic. You never have to trust a black box.

Compliance & commercials

Privacy lawAligned to POPIA (South Africa) and structured for GDPR with a data-processing addendum for business customers, see Legal §7.
Service levelsPaid plans target 99.9% monthly availability with service credits; Enterprise terms are set in your contract, see Legal §SLA.
CompanyElara-Cortex, operated by its founder, Kgomotso Lekola.
Certification status. We are aligned to the controls behind SOC 2 and ISO 27001 (data handling, access control, encryption, logging) and are pursuing formal certification. A completed security questionnaire, a penetration-test summary and a data-processing addendum are available under NDA today, email security@elara-cortex.com. We will not claim a certificate we do not yet hold.

Start the review

Send your security questionnaire to security@elara-cortex.com and we will return it completed, with the DPA and an on-premise deployment guide. Want to test first? A free 7-day key runs your own data through the engine, no procurement needed to evaluate.