Compliance at Nurex.AI

We are committed to meeting the highest standards of data protection and regulatory compliance.

Compliance Frameworks

GDPR

Nurex.AI complies with the General Data Protection Regulation for all users in the European Economic Area. We provide lawful bases for processing, honor data subject rights, and maintain records of processing activities.

CCPA / CPRA

We meet the requirements of the California Consumer Privacy Act and the California Privacy Rights Act, giving California residents transparency and control over their personal information.

SOC 2

Nurex.AI follows SOC 2 principles for security, availability, and confidentiality. Our infrastructure and processes are designed to meet the trust service criteria established by the AICPA.

Data Residency

Customer data is stored in secure, geographically defined regions. We offer transparency into where your data resides and ensure cross-border transfers comply with applicable regulations.

Encryption Standards

All data at rest is encrypted with AES-256-GCM and all data in transit is protected by TLS 1.2+. Integration tokens and credentials receive an additional layer of application-level encryption.

Audit Trail

Nurex.AI maintains comprehensive audit logs of administrative actions, data access events, and configuration changes to support internal reviews and regulatory inquiries.

Our Compliance Practices

Data Subject Rights

  • Right to access, rectify, and delete personal data
  • Right to data portability in machine-readable formats
  • Right to restrict or object to processing
  • Automated consent management and withdrawal workflows

Data Processing

  • Documented lawful bases for all processing activities
  • Data Processing Agreements with all sub-processors
  • Data minimization — we only collect what is necessary
  • Purpose limitation enforced across all integrations

Security Controls

  • AES-256-GCM encryption for credentials and tokens
  • Role-based access control with least-privilege defaults
  • Automated vulnerability scanning and dependency auditing
  • Network-level isolation and DDoS protection

Incident Response

  • Documented incident response plan with defined roles
  • 72-hour breach notification to supervisory authorities
  • Affected user notification without undue delay
  • Post-incident review and remediation tracking

Have Compliance Questions?

Our team is ready to discuss our compliance posture, provide documentation, or address any regulatory concerns you may have.

Contact Us