Enterprise-grade security
Your data — and your customers' data — is protected at every layer. NexaGPT is built for teams that take security seriously.
End-to-end encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your training content and conversation data are never stored in plain text.
Role-based access control
OWNER, ADMIN, and MEMBER roles with page-level permission granularity. Limit who can see leads, analytics, billing, or chatbot settings.
API key scopes
API keys support fine-grained scopes (read, write, admin). Set expiry dates and revoke keys instantly from your dashboard.
GDPR compliant
Full data residency controls, right-to-deletion support, data processing agreements (DPA) available for enterprise customers.
SOC 2 Type II
NexaGPT infrastructure is audited annually against the SOC 2 framework. Reports available under NDA for enterprise customers.
Multi-tenant isolation
Every organization's data is fully isolated at the database level. White-label child organizations have strict data boundaries.
Security practices
- Passwords hashed with bcrypt (cost factor 12)
- JWT tokens with short expiry + refresh token rotation
- Rate limiting on all authentication endpoints
- Webhook payloads signed with HMAC-SHA256 secrets
- Regular dependency audits and automated vulnerability scanning
- Infrastructure hosted on AWS with private VPC networking
- Database backups every 6 hours, retained for 30 days
- Incident response SLA: critical issues patched within 24 hours
Enterprise security add-ons
- ✓ SSO via SAML 2.0 / Okta / Azure AD
- ✓ Custom data residency (EU, US, APAC)
- ✓ Data Processing Agreement (DPA)
- ✓ Audit logs with user activity trail
- ✓ IP allowlist / VPN enforcement
- ✓ Dedicated infrastructure option
Security questions? Talk to our team.
We're happy to share our security documentation, DPA, or SOC 2 reports.