Security at Nurex.AI

We take the security of your data seriously. Here's how we protect your business information.

Security Pillars

Encryption at Rest

All integration tokens and sensitive credentials are encrypted using AES-256-GCM, the same standard used by banks and government agencies.

Encryption in Transit

Every connection to Nurex.AI is encrypted with TLS 1.2+ (HTTPS). Data moving between our servers and third-party APIs is always encrypted.

Secure Data Storage

Data is stored in access-controlled PostgreSQL databases with automated backups, point-in-time recovery, and network-level isolation.

Role-Based Access Control

Fine-grained permissions ensure team members only access what they need. Owner, Admin, Member, and Read-Only roles are enforced at the API level.

Token Lifecycle Management

OAuth tokens are automatically refreshed, rotated, and revoked when integrations are disconnected. Expired tokens are flagged instantly.

CSRF & Session Protection

OAuth flows use state-based CSRF tokens. Sessions are cryptographically signed and expire automatically to prevent hijacking.

Our Security Practices

Authentication

  • Multi-factor authentication (2FA) support with TOTP
  • Secure password hashing with industry-standard algorithms
  • OAuth 2.0 integration with Google for single sign-on
  • Active device tracking and session management

Infrastructure

  • Hosted on enterprise-grade cloud infrastructure
  • Network-level firewalls and DDoS protection
  • Automated vulnerability scanning and patching
  • Environment variable isolation for secrets management

Application Security

  • Input validation and sanitization on all API endpoints
  • Rate limiting to prevent abuse (API keys and sync operations)
  • Strict Content Security Policy (CSP) headers
  • Dependency auditing and automated security updates

Data Protection

  • Integration credentials encrypted with AES-256-GCM
  • No plain-text storage of tokens or passwords
  • Data deleted within 30 days of account closure
  • Minimal data collection — we only store what is necessary

Responsible Disclosure

If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly. Please report any findings to security@nurex.ai. We will investigate promptly and work with you to resolve the issue.

Please do not publicly disclose the vulnerability until we have had a chance to address it.

Have Security Questions?

Our team is happy to answer any questions about how we protect your data.

Contact Us
S

Sarah from Austin, TX

just started her free trial

Just now