Security posture & compliance overview

Platform architecture

NexusCore Support private beta environments run inside dedicated virtual private clouds managed by our infrastructure team. Each region includes:

• Segmented private subnets with zero-trust ingress and WAF protection
• Managed PostgreSQL for transactional data with row-level security
• Redis-backed queues for automation runs and rate limiting
• Encrypted object storage for attachments with per-workspace keys

Service-to-service traffic is enforced over mTLS, and certificates rotate automatically every 24 hours.

Data residency

Select your residence when creating a workspace. Currently available regions:

• US-East (primary)
• EU-West (beta)

If you need a private region, we can provision a dedicated cluster with a 21-day lead time.

Access controls

• SSO via SAML 2.0 and SCIM (beta) for user provisioning
• Role-based access with least privilege defaults
• Fine-grained API scopes for machines and Mesh automations
• Audit logs covering authentication, role changes, queue access, and data exports

Encryption

• TLS 1.3 enforced for all public endpoints
• Data at rest encrypted with AES-256 using managed keys per workspace
• Attachments encrypted client-side before upload when using the NexusCore widget

Compliance roadmap

Incident response

• 24/7 monitoring with on-call rotation across engineering + security
• Severity 1 incidents trigger cross-functional bridge within 15 minutes
• Customers receive updates via the status page and direct email if SLAs are impacted
• Post-incident reviews shared with design partners within 72 hours

Customer responsibilities

To maintain compliance, ensure:

1. SSO is enforced for all privileged roles.
2. Secrets are stored in your vault—API keys should not be hard-coded in apps.
3. Data exports and Mesh jobs adhere to your internal retention policies.

Contact security@nexuscore.cloud for procurement packets or additional attestations.