Trust
Security at Nex BuildO
How we keep your projects, costs, and field data safe. Last updated: 3 June 2026
Encrypted
In transit (TLS) and at rest.
Role-based access
Least-privilege by default.
Backed up
Automated, regularly tested.
Data protection
All traffic between your browser or mobile app and Nex BuildO is encrypted with TLS. Operational data is encrypted at rest in managed databases. Files — site photos, documents, and reports — are stored in encrypted object storage (Cloudflare R2) and served to your browser directly through short-lived signed URLs; file bytes are never streamed through, or cached on, our application servers, which shrinks the attack surface for your most sensitive documents.
Access control & tenant isolation
Every record is scoped to your organisation. Access is governed by a role and permission system you control: administrators define roles, and each menu, screen, and API action is gated by an explicit permission. Project-scoped data is further restricted to the projects a user is allowed to see. On the server, detail endpoints enforce organisation scoping on every request, so one customer can never read or write another customer's data.
AI safety
Our AI features are built to be safe by construction:
- Allowlisted actions only. The AI assistant can only propose write operations from a finite, code-reviewed registry. There is no mechanism for the model to call arbitrary endpoints.
- You approve every write. The assistant drafts an action; nothing is saved until you review and confirm it.
- Permissions are enforced structurally. Each AI action carries the same permission gate and validation as the equivalent manual action, checked server-side — not via the prompt.
- Grounded answers. The support chat answers from your workspace documentation and cites its sources; unsupported claims are filtered out.
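The first three points above can be pictured as a propose-then-confirm flow. The sketch below is an added example, not Nex BuildO's code. The action name `add_cost_entry`, the permission string `costs.write`, the in-memory `PENDING` and `SAVED` stores, and the shape of the `user` dict are all assumptions made for illustration.

```python
# Illustrative sketch; every name here is hypothetical, not Nex BuildO's code.
import secrets
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Action:
    permission: str                    # same permission the manual screen requires
    validate: Callable[[dict], dict]   # same server-side validation as the manual path
    apply: Callable[[str, dict], str]  # performs the write, scoped to an organisation

def _validate_cost(args: dict) -> dict:
    amount = args.get("amount")
    if not args.get("project_id") or isinstance(amount, bool) \
            or not isinstance(amount, (int, float)) or amount <= 0:
        raise ValueError("project_id and a positive amount are required")
    return {"project_id": str(args["project_id"]), "amount": float(amount)}

SAVED: list = []  # stands in for the database

def _apply_cost(org_id: str, args: dict) -> str:
    SAVED.append((org_id, args))
    return "saved"

# Finite registry: the model can only name a key in this dict.
REGISTRY = {"add_cost_entry": Action("costs.write", _validate_cost, _apply_cost)}
PENDING: dict = {}  # draft_id -> (user_id, org_id, action_name, validated_args)

def propose(user: dict, name: str, args: dict) -> str:
    """Called with model output. Drafts an action; writes nothing."""
    action = REGISTRY.get(name)
    if action is None:
        raise PermissionError(f"action {name!r} is not in the registry")
    if action.permission not in user["permissions"]:
        raise PermissionError(f"missing permission {action.permission}")
    draft_id = secrets.token_urlsafe(16)
    PENDING[draft_id] = (user["id"], user["org_id"], name, action.validate(args))
    return draft_id

def confirm(user: dict, draft_id: str) -> str:
    """Called from the user's confirm click; re-checks before writing."""
    owner, org_id, name, args = PENDING.get(draft_id) or (None,) * 4
    if owner != user["id"] or org_id != user["org_id"]:
        raise PermissionError("no such draft for this user")
    action = REGISTRY[name]
    if action.permission not in user["permissions"]:  # may have been revoked since
        raise PermissionError(f"missing permission {action.permission}")
    del PENDING[draft_id]  # single use: a confirmed draft cannot be replayed
    return action.apply(org_id, args)
```

The permission check runs in both `propose` and `confirm`, so a draft created before a role change cannot be confirmed after the permission is removed.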
Infrastructure & reliability
Nex BuildO runs on managed cloud infrastructure with isolated environments for development, staging, and production. We target 99.9% monthly uptime for paid plans. Databases are backed up automatically on a rolling schedule, and restores are tested so recovery is a practiced procedure, not a hope.
Secure development
Security is enforced in the codebase, not bolted on: input is validated on the server as the security boundary, raw queries are parameterised, user-generated HTML is sanitised against an allowlist, and our dependency install pipeline blocks untrusted install scripts to defend against supply-chain attacks. Changes go through code review before they reach production.
Mobile & offline data
The field app stores data locally so crews can work without signal, then syncs securely when a connection returns. Local data is protected by the device's OS-level security, and access to your workspace still requires authentication.
Account security
Accounts are protected with hashed credentials and signed session tokens. Administrators can manage user access and revoke it instantly. Enterprise customers can enable single sign-on (SSO) and advanced role controls.
Reporting a vulnerability
If you believe you've found a security issue, please email support@nexborg.com with details and steps to reproduce. We investigate all reports promptly and will keep you updated. Please give us reasonable time to remediate before any public disclosure.
Contact
NexBorg AI · 7, 6th Cross St, Balaji Nagar, Ekkatuthangal, Chennai, Tamil Nadu 600032, India
Email: support@nexborg.com · Phone: +91 93429 55818