Skip to content

Security at Nexus

We take the security of your financial data seriously. Our platform is built with security best practices and secure design patterns at every layer, from application code to infrastructure.

Your data is protected by enterprise-grade security

We adopt industry best practices and continuously improve our security posture

Security Features

Our platform incorporates multiple layers of security controls to protect your data.

Encryption at Rest
All data stored in our systems is encrypted using AES-256 encryption, including documents, database records, and backups.
Encryption in Transit
All data transmitted between your browser and our servers is protected with TLS 1.2 or higher, ensuring secure communication.
Secure Infrastructure
Hosted on AWS with enterprise-grade security, including VPC isolation, security groups, and automated threat detection.
Access Controls
Role-based access control (RBAC) ensures users only access data they need. Multi-factor authentication available for all accounts.
Data Isolation
Multi-tenant architecture with strict data isolation. Your data is logically separated and never accessible to other customers.
Secure Integrations
OAuth 2.0 authentication for third-party integrations. API tokens are encrypted and securely stored.
Audit Logging
Comprehensive audit trails track all user actions, document access, and system changes for compliance and forensics.
Employee Security
Background checks, security training, and least-privilege access for all employees. No employee has access to customer data by default.

Security Best Practices

We follow industry-standard security practices across all aspects of our platform.

Application Security

  • Input validation and sanitization on all user inputs
  • Parameterized queries to prevent SQL injection
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • CSRF protection on all state-changing operations
  • Secure cookie configuration (HttpOnly, Secure, SameSite)
  • Regular dependency scanning and updates
  • Static code analysis in CI/CD pipeline

Infrastructure Security

  • Private subnets for application and database tiers
  • Web Application Firewall (WAF) protection
  • DDoS mitigation at network edge
  • Automated security patching for operating systems
  • Container image scanning before deployment
  • Secrets management using AWS Secrets Manager
  • Network segmentation and micro-segmentation

Data Protection

  • AES-256 encryption for data at rest
  • TLS 1.2+ for data in transit
  • Encryption key rotation every 90 days
  • Secure key management with HSM backing
  • Database connection encryption enforced
  • Backup encryption with separate keys
  • Secure data deletion procedures

Access Management

  • Single Sign-On (SSO) support via SAML/OIDC
  • Multi-factor authentication (MFA) available
  • Password policies enforcing complexity requirements
  • Session timeout and automatic logout
  • IP allowlisting for enterprise accounts
  • API rate limiting and throttling
  • Regular access reviews and deprovisioning

Monitoring & Response

  • 24/7 infrastructure monitoring and alerting
  • Real-time threat detection and blocking
  • Security incident response procedures
  • Regular penetration testing by third parties
  • Vulnerability disclosure program
  • Audit prep evidence assembly
  • Incident post-mortems and remediation tracking

Business Continuity

  • Multi-availability zone deployment
  • Automated failover and disaster recovery
  • Regular backup testing and restoration drills
  • Recovery Point Objective (RPO): 1 hour
  • Recovery Time Objective (RTO): 4 hours
  • Documented incident response runbooks
  • Annual business continuity planning reviews

Our Security Commitment

While we are not currently certified under specific compliance frameworks (such as SOC 2 or ISO 27001), we design and operate our systems following the principles and controls these frameworks require. We continuously evaluate and improve our security posture through:

  • Regular internal security assessments and code reviews
  • Third-party penetration testing at least annually
  • Continuous monitoring and automated security scanning
  • Security-focused development practices and training
  • Incident response planning and regular drills

Responsible Disclosure

We welcome security researchers to help us keep Nexus secure. If you discover a vulnerability, please report it responsibly.

Report a Vulnerability

Contact us at security@nexusap.com with details of the issue. We commit to acknowledging reports within 48 hours.

Security Questions?

If you have questions about our security practices or need additional information for your security assessment, we're here to help.

Contact Security TeamGeneral Inquiries