Trust & Security

Nexora is designed for teams that require clear controls, strong boundaries, and evidence-grade auditability. This page summarizes how we approach security, privacy, and operational integrity.

Data boundaries and tenant isolation

Tenant data is logically isolated and access is governed by least-privilege controls.
Administrative access is restricted and monitored.
Customer data is never used for unrelated purposes without explicit agreement.

Encryption and transport security

Encryption in transit is enforced using modern TLS configurations.
Sensitive secrets are not stored in frontend code or shipped to clients.

Auditability and evidence

Security-relevant actions are recorded with traceability (who/what, when, what changed, and why when provided).
Audit views and exports are intended to support investigations and compliance workflows.

Secure development practices

Code changes are reviewed and tested prior to release.
Dependencies are monitored and updated to reduce exposure to known vulnerabilities.
Security issues are triaged and addressed based on severity and exploitability.

SOC 2 and compliance alignment

Nexora is designed to support SOC 2 readiness and common control frameworks.
Certification and formal compliance status are available under NDA where applicable.

Responsible disclosure

If you believe you've found a security issue, report it through our Security page. We investigate promptly and coordinate responsibly.