Security & Trust

Security at every layer.

Noxdren is built for operators in critical infrastructure, energy, and public safety. The data you send us matters, and we treat it that way. This page is a plain-English summary of how we protect it. For a full security questionnaire or our subprocessor list, reach out at security@noxdren.com.

Secure by Design

Security decisions are made at architecture time rather than bolted on afterward, giving a minimal attack surface and hardened defaults.

Least Privilege

Every account and service gets the narrowest access it needs. MFA and hardware keys are mandatory internally.

Encrypted End to End

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256) across all infrastructure.

Your Data, Your Control

You own your data. We never train models on customer data without explicit, written consent.

Data Protection

How your data is handled.

  • Encryption

    TLS 1.2+ in transit, AES-256 at rest, managed via our cloud provider's key management.

  • API Authentication

    Per-customer API keys, with mutual TLS (mTLS) available for enterprise deployments.

  • Access Control

    Role-based access, enforced MFA, and hardware security keys on every internal account.

  • Secrets Management

    Credentials live in a managed secret store, never in source code or plaintext config.

  • Monitoring & Logging

    Continuous error and uptime monitoring, with PII scrubbed from logs and error reports.

  • Data Residency

    Production data is hosted in the United States. Regional options are on the roadmap as customers require.

Compliance

Certifications & standards.

We're transparent about where we are. Below is our current status, not aspiration dressed up as fact.

  • SOC 2 Type I (In Progress)

    Type I examination underway; Type II to follow. Reports shared under NDA on completion.

  • Cloud Infrastructure (In Place)

    Built entirely on SOC 2-attested cloud and platform providers (see subprocessors below).

  • GDPR & CCPA (Supported)

    Data Processing Agreement (DPA) available on request. Data-subject requests honored.

  • PCI DSS (Out of Scope)

    Card data never touches our servers. Payments are handled entirely by our PCI DSS Level 1 processor.

  • Annual Penetration Test (Planned)

    Independent third-party testing, scheduled as our SOC 2 program matures.

Infrastructure & Subprocessors

The providers behind Noxdren.

Every provider undergoes due diligence and is bound by a data processing agreement. This is a current snapshot; the canonical, versioned list is available on request.

  • Google Cloud: Core infrastructure & API hosting (United States)
  • Cloudflare: DNS, CDN, DDoS & WAF (Global edge)
  • Stripe: Payments & billing (US · EU)
  • Sentry: Error monitoring (US · EU)
  • Resend: Transactional email (United States)
  • HubSpot: CRM (sales contacts) (United States)
  • GitHub: Source code & CI/CD (United States)
  • Plausible: Privacy-friendly web analytics (EU)
  • BetterStack: Uptime monitoring & status (EU)
  • Dropbox Sign: E-signature for contracts (United States)
  • Cal.com: Sales call scheduling (United States)
  • OneTimeSecret: One-time API-key delivery (United States)

Responsible Disclosure

Found a vulnerability?

We welcome reports from security researchers. Email us with details and we'll acknowledge within 48 hours and keep you updated through resolution. Please give us reasonable time to fix an issue before any public disclosure.

security@noxdren.com

Need a security review or DPA?

We're glad to complete your security questionnaire, share our subprocessor list, or sign a DPA. Reach out and we'll route it to the right place.
