Security at NexaAPI

We take the security of your data and API access seriously. Here's how we protect your information.

🔒

Encryption

  • All data in transit is encrypted with TLS 1.3
  • Data at rest is encrypted with AES-256
  • API keys are hashed using bcrypt before storage
  • Database connections use encrypted channels
🏗️

Infrastructure

  • Hosted on SOC 2 Type II certified cloud infrastructure
  • Multi-region deployment with automatic failover
  • DDoS protection and Web Application Firewall (WAF)
  • Network isolation between services with zero-trust architecture
  • Regular infrastructure security scanning and patching
🔑

API Security

  • Bearer token authentication on all API endpoints
  • Rate limiting to prevent abuse and brute-force attacks
  • Request validation and input sanitization
  • API keys can be scoped, rotated, and revoked instantly
  • Audit logs for all API key operations
📦

Data Handling

  • Generated content is stored temporarily (24h) and then permanently deleted
  • API request prompts are not logged or used for training
  • Minimal data collection — we only store what's necessary
  • Data deletion available on request within 30 days

Compliance

  • SOC 2 Type II certified
  • GDPR compliant with EU data processing agreements
  • Regular third-party penetration testing
  • Incident response plan with <4h response time for critical issues
👁️

Monitoring

  • 24/7 automated monitoring and alerting
  • Real-time anomaly detection for suspicious API usage
  • Centralized logging with tamper-proof audit trails
  • Regular security reviews and access audits

🐛 Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report security issues to [email protected]. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours.

Please do not publicly disclose vulnerabilities until we've had a chance to address them.