
Trust & compliance

Security is the product, not a slide in the appendix

VPC-native deployment, customer-managed keys, tamper-evident audit trails, and continuous control testing — designed for teams who answer to Legal, Risk, and the board.

Independent review artifacts available under NDA

  • SOC 2 Type II
  • ISO 27001
  • GDPR

Shared responsibility, spelled out

NexusMind publishes a clear Shared Responsibility Matrix for every deployment mode: shared cloud, dedicated tenant, and customer VPC. Penetration testing is performed annually by a qualified firm; summaries and remediation attestations are available for Enterprise customers. We do not train foundation models on your tenant data — inference is isolated per policy, with optional zero-retention modes.

Controls that map to your frameworks

Designed to slot into SOC 2, ISO 27001, and GDPR evidence requests without heroic spreadsheet work.

01

Identity & access

SSO/SAML, SCIM, ABAC policies, break-glass workflows, and session logging with export to Splunk or Datadog.

02

Data protection

CMEK, TLS 1.3 in transit, AES-256 at rest, field-level redaction hooks, and configurable retention down to zero.

03

Logging & integrity

Append-only inference and approval logs are hash-chained: each record commits to the hash of the record before it, so editing, reordering, or deleting an earlier entry breaks the chain and is detectable during audits.
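The hash-chaining mechanism behind that control, as an added illustration that is not NexusMind's code: each record stores the SHA-256 of the previous record, a verifier walks the chain, and an externally stored head hash (the hypothetical `anchor` below, standing in for a WORM bucket or a customer SIEM) is what catches the two cases chaining alone cannot, truncating the tail or rewriting the whole chain. The log entries are constructed sample events, not real audit data.

```python
"""Hash-chained append-only log with tamper detection (added example, not NexusMind's code)."""
import copy
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value for the first record


def _digest(prev_hash: str, entry: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so an entry always hashes identically.
    payload = json.dumps({"prev": prev_hash, "entry": entry}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class ChainedLog:
    def __init__(self) -> None:
        self.records: List[dict] = []  # each record: {"entry", "prev", "hash"}

    def append(self, entry: dict) -> str:
        prev = self.head()
        h = _digest(prev, entry)
        self.records.append({"entry": entry, "prev": prev, "hash": h})
        return h

    def head(self) -> str:
        return self.records[-1]["hash"] if self.records else GENESIS


def rechain(entries: List[dict]) -> List[dict]:
    # What an attacker with write access to the whole log would do after editing:
    # rebuild every link so the chain is internally consistent again.
    log = ChainedLog()
    for e in entries:
        log.append(e)
    return log.records


def verify(records: List[dict], anchor: Optional[str] = None) -> Tuple[bool, str]:
    """Walk the chain and return (ok, reason).

    `anchor` is the head hash recorded out-of-band (assumed external store);
    without it a consistent-looking but truncated or rebuilt chain passes.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev:
            return False, f"record {i}: prev pointer mismatch"
        if _digest(prev, rec["entry"]) != rec["hash"]:
            return False, f"record {i}: content does not match stored hash"
        prev = rec["hash"]
    if anchor is not None and prev != anchor:
        return False, "head does not match external anchor (truncation or rewrite)"
    return True, "ok"


def demo() -> dict:
    log = ChainedLog()
    # Constructed sample inference/approval events.
    log.append({"ts": "2024-05-01T10:00:00Z", "actor": "alice", "action": "inference", "model": "m1"})
    log.append({"ts": "2024-05-01T10:05:00Z", "actor": "bob", "action": "approve", "request": 17})
    log.append({"ts": "2024-05-01T10:06:00Z", "actor": "carol", "action": "inference", "model": "m1"})
    anchor = log.head()  # published out-of-band at this point

    results = {"intact": verify(log.records, anchor)}

    # 1. Edit an interior record in place: its stored hash no longer matches.
    edited = copy.deepcopy(log.records)
    edited[1]["entry"]["actor"] = "mallory"
    results["edited"] = verify(edited, anchor)

    # 2. Delete an interior record: the next record's prev pointer is wrong.
    deleted = [r for i, r in enumerate(log.records) if i != 1]
    results["deleted"] = verify(deleted, anchor)

    # 3. Truncate the tail: internally consistent, only the anchor catches it.
    truncated = log.records[:2]
    results["truncated_no_anchor"] = verify(truncated)
    results["truncated_anchored"] = verify(truncated, anchor)

    # 4. Edit then rebuild the whole chain: again only the anchor catches it.
    rewritten = rechain([r["entry"] for r in edited])
    results["rewritten_no_anchor"] = verify(rewritten)
    results["rewritten_anchored"] = verify(rewritten, anchor)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:22s} ok={ok} {reason}")
```

The practical takeaway for an evidence request is the last two cases: a hash chain makes in-place edits and deletions visible, but a log owner who controls the entire file can always recompute the links, so the head hash has to be periodically exported somewhere the writer cannot alter (for example the SIEM export mentioned under Identity & access) for the "tamper-evident" claim to hold against an insider.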

04

Resilience

Multi-AZ by default, regional failover playbooks, and contractual uptime backed by service credits.

Security FAQs

Can NexusMind meet data residency requirements?
Yes. You select the region at provisioning time, and VPC deployments keep compute and storage entirely inside your chosen cloud account boundary.
How are vendor and model subprocessors governed?
We maintain a subprocessor list with change notification windows. Enterprise agreements include the ability to object to non-material changes and to terminate for material subprocessor shifts.
What happens during an incident?
We follow a documented IR plan with customer notification SLAs, post-incident reports, and optional joint tabletop exercises for regulated industries.
Do you support customer pen tests?
Coordinated testing is welcomed on dedicated and VPC environments with scoped rules of engagement and a technical liaison from our security team.

Need a DPA, pen-test summary, or architecture review?

Our security team typically turns first-pass documentation packages around in two business days for qualified opportunities.