Security at Nox
Your data is your most valuable asset. We protect it with enterprise-grade security at every layer of our infrastructure.
AES-256
Encryption at Rest
TLS 1.3
Encryption in Transit
HA
High Availability
24/7
Security Monitoring
How We Protect Your Data
Authentication
- WebAuthn/passkey-first authentication—no passwords to steal
- Multi-factor authentication support
- Session management with Redis-backed token storage
- Automatic session expiration and refresh token rotation
Encryption
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- End-to-end encryption for Nexus Network communications
- Encrypted database connections with certificate verification
Data Isolation
- Multi-tenant architecture with strict data isolation
- Organization-level data boundaries
- Role-based access controls (RBAC)
- API key scoping per organization
Monitoring & Auditing
- Comprehensive audit logging for all actions
- Real-time security monitoring and alerting
- Automated anomaly detection
- Regular third-party penetration testing
Infrastructure
- Hosted on enterprise-grade cloud infrastructure
- Regular automated backups with point-in-time recovery
- DDoS protection and rate limiting
- Geographic redundancy for high availability
Compliance
- Enterprise security controls and audit infrastructure
- GDPR ready with data processing agreements
- HIPAA-eligible configuration for healthcare customers
- Regular security audits and third-party assessments
Responsible AI
Security extends beyond infrastructure. Our AI systems are designed with safety, transparency, and human oversight at their core.
Human-in-the-loop: Critical actions always require human approval
Transparent AI: Nox explains its reasoning and discloses uncertainty
Data minimization: We only process data necessary for the requested task
Model safety: Built on Anthropic’s Claude with constitutional AI principles
Identity Protocol: Public framework for AI rights and responsibilities
Questions About Security?
We're happy to discuss our security practices in detail, provide documentation for your compliance team, or arrange a security review.