NEXORA Security

Your data never leaves your server

NEXORA is self-hosted by design. No cloud storage, no third-party access, no data retention on our side. Full control, full privacy.

Self-Hosted · AES-256 Encryption · Zero Data Retention · GDPR Ready · RLS Isolation

Architecture

Every NEXORA instance runs entirely on your infrastructure

Self-hosted deployment

Docker Compose or bare metal. All AI processing via local Ollama — no API calls to external LLMs. Your documents, prompts, and results stay on your hardware.

Zero data retention

NEXORA does not collect, store, or transmit your data to any external service. Your documents and audit records live only on your own server, under your retention policy. AI models run locally, so your data is never used for model training.

Tenant isolation

PostgreSQL Row-Level Security (RLS) policies restrict every query to the rows that belong to the calling tenant, so one firm's data is isolated from another's at the database level. This is logical isolation enforced by the database, not cryptographic separation: the policies must be enabled (and forced) on every multi-tenant table, and the application must connect as a role that is subject to them, since superusers and roles with BYPASSRLS see all rows.
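The following is an added example of the RLS pattern described above; it is not NEXORA's own schema or code. The table, column, role and setting names (documents, tenant_id, nexora_app, app.tenant_id) and the sample UUIDs are assumptions chosen for illustration.

```sql
-- Added example (not NEXORA's schema): per-tenant isolation with PostgreSQL RLS.
-- Assumed names: table "documents", column "tenant_id", application role
-- "nexora_app" (not the table owner), and the per-request setting app.tenant_id.

-- The application connects as a login role that is a member of nexora_app,
-- e.g. CREATE ROLE nexora_web LOGIN PASSWORD '...'; GRANT nexora_app TO nexora_web;
CREATE ROLE nexora_app NOLOGIN;

CREATE TABLE documents (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    title      text NOT NULL,
    body       text NOT NULL
);

GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO nexora_app;
GRANT USAGE, SELECT ON SEQUENCE documents_id_seq TO nexora_app;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policies to the table owner as well; superusers and roles
-- with BYPASSRLS still bypass RLS, so the app must never connect as one of those.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) returns NULL instead of raising when the setting
-- was never set, and NULLIF maps the empty string (a reset setting) to NULL too.
-- A NULL tenant matches no row, so a request that forgot to pin its tenant
-- can neither read nor write anything: the policy fails closed.
CREATE POLICY tenant_isolation ON documents
    FOR ALL
    TO nexora_app
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request: pin the tenant inside the transaction so the value cannot leak
-- into the next request on a pooled connection (SET LOCAL is reverted at COMMIT).
BEGIN;
SET LOCAL ROLE nexora_app;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';

INSERT INTO documents (tenant_id, title, body)
    VALUES ('11111111-1111-1111-1111-111111111111', 'Engagement letter', 'constructed sample text');

-- WITH CHECK rejects a row tagged with a different tenant (uncomment to see the error):
-- INSERT INTO documents (tenant_id, title, body)
--     VALUES ('22222222-2222-2222-2222-222222222222', 'Wrong tenant', 'x');

-- Returns only rows whose tenant_id matches the pinned tenant.
SELECT id, tenant_id, title FROM documents;
COMMIT;
```

Two checks worth running after deployment: query pg_policies to confirm every tenant-scoped table has a policy, and confirm the application's login role is neither a superuser nor marked BYPASSRLS (`SELECT rolname, rolsuper, rolbypassrls FROM pg_roles`).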

Encrypted communications

RSA-4096 + AES-256 + HMAC for admin channels. TLS 1.3 for all API traffic. Cloudflare Tunnel means no inbound ports are opened on the host. Note that client HTTPS is terminated at Cloudflare's edge and re-encrypted over the tunnel to the origin, so API traffic transits Cloudflare's network in the clear at the edge even though it is stored only on your server; firms that need traffic to stay inside their own network should account for this in their deployment.

Encryption standards

Standards-based encryption at every layer

Layer             Standard                     Implementation
Data at rest      AES-256                      PostgreSQL encrypted storage, encrypted backups
Data in transit   TLS 1.3                      Cloudflare Tunnel, HTTPS enforced
Admin channel     RSA-4096 + AES-256 + HMAC    Encrypted command channel with signature verification
Authentication    TOTP MFA + bcrypt            Time-based OTP, session tokens with Redis-backed blacklist
API security      Rate limiting + CORS         Redis-backed rate limiter, strict origin validation
Secrets           USB Security Key             12-word seed recovery, hardware-bound access

Compliance

Aligned with international security and privacy standards

Framework               Status        Details
GDPR                    Compliant     Data Processing Agreement available. Data residency on client's infrastructure.
ISO 27001               Aligned       Security controls mapped to ISO 27001 Annex A requirements.
SOC 2 Type II           In progress   Trust Service Criteria self-assessment complete. Formal audit planned.
ISO 42001               Planned       AI Management System standard alignment in roadmap.
Bar Association Ethics  Compliant     Human oversight required for all AI outputs. Full audit trail.

Audit & monitoring

Complete visibility into every action

Full audit log

Every API call, document access, and AI agent interaction is logged with timestamp, user, IP, and action. Exportable as CSV or PDF for compliance reporting.

Real-time monitoring

Health dashboard with service status, uptime metrics, and automated Telegram alerts. Redis pub/sub for instant notifications.

Access control

Role-based access with MFA enforcement. Session management with automatic expiry and Redis-backed token blacklist.

Data Processing Agreement

GDPR-compliant DPA available for all plans

Download DPA

Auto-generated Data Processing Agreement with your firm's details. Available via API or dashboard.

GET /api/v1/compliance/dpa/{tenant_id}

Questions about security? Contact our team.
