Security
Compliance
NeroX demonstrates strict adherence to internationally recognized standards and applicable regulatory frameworks governing its operations. The platform is engineered and maintained in compliance with established protocols, ensuring alignment with both industry best practices and statutory requirements.
By integrating compliance mechanisms directly into its architecture, NeroX mitigates operational risks, supports auditability, and provides assurance of reliability and security. This structured approach reinforces trust among stakeholders, regulators, and users by evidencing conformance with mandatory and voluntary obligations. Through continuous monitoring, assessment, and documentation, NeroX ensures sustained compatibility with evolving standards while maintaining full regulatory integrity across its ecosystem.
General Data Protection Regulation (GDPR)
NeroX maintains full alignment with the General Data Protection Regulation (GDPR) and integrates its foundational principles into all aspects of system design and data management practices. The platform enforces data minimization by collecting, processing, and storing only information that is strictly necessary for defined purposes, thereby reducing exposure and risk. In addition, NeroX is structured to uphold and facilitate the rights of data subjects, including access, rectification, erasure, and portability, through transparent processes and robust technical safeguards. This approach ensures regulatory compliance, strengthens data governance, and enhances user trust by embedding privacy and accountability into the operational framework.
Security through secret sharing
NeroX leverages security through secret sharing to protect sensitive data and private keys with maximum resilience. Instead of storing secrets in a single location, NeroX splits them into multiple random shares distributed across independent parties and devices. No single entity can compromise the data, and only a defined threshold of shares can securely reconstruct it. By implementing advanced techniques, NeroX ensures privacy, fault tolerance, and protection against collusion. This distributed trust model enables NeroX to deliver a secure, reliable, and scalable environment where users’ assets and computations remain fully safeguarded.
Security techniques
Data Encryption
At NeroX, data security is prioritized through end-to-end encryption, covering both data at rest and data in transit. All encryption practices are fully aligned with recognized industry standards and undergo regular audits to validate effectiveness and maintain the highest levels of protection.
Data at rest is hosted within Google Cloud Platform (GCP) infrastructure and safeguarded using GCP's native encryption technologies, specifically AES-256 encryption, ensuring that stored information remains secure against unauthorized access. Data in transit is protected with equivalent rigor: AES-256 encryption, combined with Transport Layer Security (TLS), is applied to all network communications, ensuring confidentiality and integrity during data transfer.
This dual-layer approach ensures that sensitive information is protected throughout its lifecycle, from storage to transmission. By integrating robust encryption mechanisms and ongoing compliance checks, NeroX delivers a security framework designed to meet enterprise-grade expectations and instill trust among its users and stakeholders.
Security Testing
NeroX conducts routine vulnerability assessments and annual penetration testing to detect and address potential security risks before they can be exploited.
System Safeguards
NeroX implements a layered approach to system protection by segmenting its infrastructure into isolated networks, reducing the risk of unauthorized lateral movement. Strict firewall policies enforce access controls, allowing only essential communication paths and minimizing exposure to external threats. Access to production environments is tightly controlled and limited to authorized personnel, ensuring operational integrity.
Continuous monitoring mechanisms are deployed to track performance, availability, and compliance, ensuring that service delivery consistently aligns with defined Service Level Agreement (SLA) commitments. This comprehensive framework strengthens resilience, mitigates potential risks, and safeguards both system operations and customer trust.
High Availability and Backup Resilience
NeroX ensures robust business continuity through a combination of daily encrypted backups and full system replication across multiple availability zones. This architecture is designed to provide high availability, minimize downtime, and safeguard against potential system failures or data loss.
Encrypted backups are securely maintained to protect sensitive information, while replicated production environments enable rapid failover and uninterrupted service delivery. To validate reliability, NeroX conducts periodic restoration tests, confirming that recovery processes are effective and data remains fully accessible.
This proactive approach strengthens resilience, ensures operational stability, and provides users with confidence in continuous system protection.
Multi-party computing
Implementing Multi-Party Computation (MPC) in NeroX to protect private keys provides enterprises with a highly secure, scalable, and user-friendly solution. Instead of storing private keys in a single location, NeroX leverages secret sharing to split each key into multiple cryptographic shares, distributed across independent servers, devices, or cloud nodes. No single party ever holds the complete key, eliminating the risk of compromise from a single breach. Transaction signing is performed collaboratively on the shares, ensuring the private key is never reconstructed in full at any point.
This design not only enhances security and compliance but also introduces business continuity, as operations can proceed even if some nodes are offline. Additionally, MPC offers flexibility in governance, allowing customizable threshold policies that align with organizational workflows. For businesses, this means stronger protection of digital assets, reduced regulatory risk, and an improved trust model for enterprise-grade security.
Vulnerability Reporting
NeroX maintains a responsible disclosure program and treats all security reports with priority. Identified vulnerabilities can be submitted via email to [email protected].
A response may take 3-7 days.