Protecting your data is our highest priority. Here's how we do it.
Our platform runs on enterprise-grade cloud infrastructure with built-in redundancy, automatic failover, and geographic distribution to ensure reliability and performance.
All network traffic is protected by firewalls, intrusion detection systems, and DDoS mitigation. We continuously monitor for anomalies and respond to threats in real time.
Automated daily backups with point-in-time recovery capabilities. Backups are encrypted and stored in geographically separate locations from production data.
We follow a secure software development lifecycle (SSDLC) with mandatory code reviews, static analysis, and automated security testing on every release.
Automated dependency scanning in our CI/CD pipeline catches known vulnerabilities before they reach production. We maintain a regular patching cadence for all components.
We conduct regular security assessments and penetration tests to identify and remediate potential vulnerabilities in our platform.
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Encryption keys are managed through a dedicated key management service with automatic rotation.
Each customer's data is logically isolated from other customers. Strict access controls ensure that data is only accessible to authorised users within the correct account.
Clear data retention policies with the ability to export or delete your data at any time. We support "right to be forgotten" requests in line with data protection principles.
MFA is available for all user accounts, adding an additional layer of security beyond passwords. We support authenticator apps and SMS-based verification.
Granular permissions ensure users only access what they need. Administrators can define custom roles and control access at the feature and data level.
Automatic session expiration, concurrent session controls, and activity logging for all authentication events. Suspicious login attempts trigger automatic security alerts.
Built on the controls expected by SOC 2 and ISO 27001, operating under EU GDPR today, with formal certification pursued as the platform matures.
General Data Protection Regulation — EU data privacy and protection
Service Organisation Control — security, availability, and confidentiality
International standard for information security management systems
If you've discovered a security vulnerability in our platform, we want to hear from you. We appreciate the work of security researchers and are committed to addressing any issues promptly.
Please report vulnerabilities to security@nurocx.com. We acknowledge all reports within 1 business day and aim to respond substantively within 3 business days. For urgent issues affecting active users, please add "URGENT" to the subject line.