How Nuteq protects your data
A short, accurate description of the controls in place today. We update this page whenever a control changes.
Identity
Customer login is provided by WorkOS AuthKit. We do not store customer passwords and we never see a user’s authentication secret. Sign-in supports email links, SSO, and the factors your identity provider requires. Multi-factor authentication is handled by WorkOS / your IdP; we do not build a second factor system.
Encryption
Customer data is encrypted in transit using TLS 1.2 or higher. At-rest encryption is handled by the underlying cloud provider (Postgres on Railway; object storage on Cloudflare R2). Application secrets are stored in dedicated vaults per organization, isolated by org ID, and never reach the browser.
Infrastructure
Application services run in containers on a hardened VPS behind a reverse proxy. The database tier uses Railway-managed Postgres with automated backups. Backup retention and restore procedures are documented in our disaster recovery runbook.
Access control
Every organization has Owner, Admin, and Member roles. Only Owners and Admins can change billing, manage members, or update integrations. Identity and organization IDs are always resolved from the authenticated session, never from request bodies.
Payment data
Nuteq does not store payment cards. Self-serve plans are billed through Stripe; the customer-facing Stripe Customer Portal owns cards, invoices, and billing details. Nuteq only ever receives a Stripe Customer ID and subscription status.
Recordings
Call recordings are stored on Cloudflare R2 and proxied through an authenticated backend endpoint. Raw recording URLs never reach the browser, and access is gated by the customer’s authenticated session.
Disclosure
Report a vulnerability to security@nuteqai.com. We acknowledge within one business day and coordinate disclosure on a reasonable timeline.