Security and trust

Security and trust

Identity, encryption, and access controls protecting your data.

This page mirrors the public security page with extra detail for customers who need to brief their security team.

Identity

Customer login is provided by WorkOS AuthKit. Nuteq does not store passwords. SSO and MFA are configured there; we do not build a second factor system.

Encryption

Data is encrypted in transit (TLS 1.2+). At-rest encryption is handled by Railway (Postgres) and Cloudflare R2 (object storage). Application secrets live in per-organization vaults.

Access control

Roles are Owner, Admin, and Member. Identity and organization IDs are always resolved from the authenticated session, never from request bodies.

Reporting a vulnerability

Email security@nuteqai.com and we will acknowledge within one business day.