Trust
Boringly safe at the edges.
Safety isn't a feature here. It's the floor.
SOC 2 Type II
Audited annually · last report Mar 2026
ISO 27001
In progress · Q4 2026
GDPR
EU SCCs in place
HIPAA
BAAs available for Astris HR
Principles
Zero retention
Customer data is processed, not retained. We can't read what isn't stored.
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit, customer-managed keys on request.
Least privilege
Quarterly access reviews. Production access is JIT and audited.
Auditable by default
Every privileged action is logged and exportable.
Reports
Request SOC 2 + pen test summary
Available under mutual NDA in under 24 hours.
Request report →Disclosure
Found a vulnerability?
We pay for responsible disclosure. Email security@nexus.science with details. PGP key on request.