Governance intelligence for access, cloud, and SaaS. Now in early access

Nuxari
Trust Center

Security and Compliance at Nuxari

We take the security of our platform and the data you trust us with seriously. This page describes our security practices, our compliance program, and our certification status.

Compliance status

Nuxari is building towards SOC 2 Type II and ISO 27001 certification. We are not yet formally certified. Formal reports and certifications will be shared when external audits are completed and reports are available. This page will be updated as certifications are obtained.

Our compliance program

Nuxari is actively building its internal compliance program. We are working towards SOC 2 Type II and ISO 27001 readiness. This means we are:

  • Implementing and documenting controls across access management, audit and accountability, incident response, availability, and vendor management.
  • Collecting evidence continuously as part of our operational practices.
  • Maintaining an information security risk register and a vendor register.
  • Approving and reviewing information security policies on a regular schedule.
  • Preparing for external audit engagement with an independent auditor.

Certification reports will be shared with customers when external audits are completed. Customers interested in the status of our compliance program can contact us at security@nuxari.com.

Security practices

Security is built into our platform architecture, not added as an afterthought. Key practices we operate:

MFA enforcement

Multi-factor authentication is enforced for all privileged roles. Organizations can enforce MFA for all users through workspace security policy.

Role-based access control

All access to platform features and data is controlled by a strict RBAC system. No user can access data or features outside their assigned role scope.

Tenant isolation

All customer data is strictly isolated by organization. No data is accessible across tenant boundaries — every query, every export, every audit event is scoped to a single organization.

Audit logging

Every significant platform action — access grants, approvals, configuration changes, exports — generates a tamper-evident audit event. No actions are performed without a trace.

Encryption in transit

All data between clients and the Nuxari API is encrypted using TLS. No credentials, tokens, or sensitive data are transmitted in plaintext.

Privileged access management

Privileged roles can be configured as PIM-eligible, requiring Just-in-Time activation with a documented justification and a time-limited window.

Vulnerability management

We conduct regular dependency audits and vulnerability scanning. Critical findings are triaged and remediated according to severity.

No secrets in frontend

The Nuxari frontend never holds API keys, tokens, or secrets. All privileged operations go through our backend API after authentication and authorization.

Certification status

Framework | Status
SOC 2 Type II | Building towards readiness. External audit not yet initiated.
ISO 27001 | Building towards readiness. Certification body not yet engaged.

Nuxari is working towards formal SOC 2 and ISO 27001 certification. Certification requires an external audit by an independent accredited party. Reports will be published here when available.

For customers building their own compliance programs

Nuxari is also a tool that helps your organization build and operate its own compliance program. Customers use Nuxari to:

  • Track and operate controls mapped to SOC 2 and ISO 27001.
  • Collect, review, and accept evidence automatically from operational workflows.
  • Manage policies, risks, vendors, and access reviews in one place.
  • Export audit packages for sharing with external auditors.

Learn more in the Compliance readiness documentation.

Responsible disclosure

If you believe you have found a security vulnerability in Nuxari, we encourage responsible disclosure. Please report findings to us privately so we can investigate and remediate before public disclosure.

Report vulnerabilities to: security@nuxari.com

For our full responsible disclosure policy, see the Responsible Disclosure page.

Contact

For security inquiries: security@nuxari.com

For general compliance questions: compliance@nuxari.com