Nexgent AI Security Policy

Overview

At Nexgent AI, security is foundational to everything we build. As a platform enabling AI-powered agents and access to blockchain-based systems, we are committed to protecting the confidentiality, integrity, and availability of our infrastructure, products, and community data.

This policy outlines the key measures we take to safeguard our platform, users, and partners.

1. Scope

This policy applies to all Nexgent-operated systems, applications, and services, including our web platform, backend infrastructure, and any connected blockchain components.

2. Access Control
  • We enforce the principle of least privilege across all systems.

  • Multi-factor authentication (MFA) is required for all administrator access.

  • Secrets and credentials are securely stored using tools such as AWS Secrets Manager.

  • Access to sensitive environments is restricted and regularly reviewed.

3. Data Protection
  • All user and transaction data is encrypted at rest and in transit.

  • Authentication is handled via a secure identity system using JWTs. Access to data is restricted through row-level security policies at the database level.

  • Only authorized personnel have access to production systems and user data.

4. Infrastructure & Application Security
  • Our infrastructure is hosted on AWS with security best practices in place, including firewalling, network segmentation, and DDoS protection via Cloudflare.

  • All code is stored in private repositories with enforced review workflows. Dependency checks and CI/CD pipelines are being progressively enhanced to include vulnerability detection.

  • We follow secure development lifecycle practices and regularly audit dependencies.

5. Monitoring & Logging
  • System activity and API usage are logged and monitored continuously.

  • Alerts are configured to detect anomalous behavior and potential threats.

  • Logs are retained securely and reviewed as part of our operational process.

6. Incident Response
  • We maintain an internal process for identifying, triaging, and resolving security incidents.

  • High-priority issues are addressed immediately, and affected users are notified in line with relevant data protection laws.

  • Post-incident reviews are conducted to improve future responses.

7. Third-Party Services
  • We work with reputable third-party providers (including Supabase, QuickNode, Cloudflare, and Bitquery) that meet high security standards.

  • Access to third-party platforms is limited to essential personnel and protected by MFA and audit logging.

8. Security Reviews & Updates

This policy is reviewed and updated regularly, especially following changes to infrastructure or security posture.
Last updated: June 2025

Contact
If you believe you’ve discovered a vulnerability or security concern, please contact us at contact@nexgent.ai. We appreciate responsible disclosure and will investigate all reports promptly.