Nevorth maintains reasonable measures appropriate for a startup SaaS and relies on established third-party providers for core infrastructure. We do not claim certifications unless stated in an Order Form.
- Encryption in transit: TLS/HTTPS for external communications with Slack, Cloudflare, Make, OpenAI, Stripe, and our website.
- Encryption at rest: provided by subprocessors where available and as configured in their platforms, including Cloudflare D1 (decision history storage).
- Access restrictions: administrative access to service configuration and stored data is restricted to authorised personnel.
- Logging: operational logs are maintained to support reliability and troubleshooting.
- Vulnerability management: periodic updates to configurations and dependencies where applicable; prioritisation of critical issues.
- Backups/restore testing: resiliency and backups are primarily provided by subprocessors. Nevorth does not promise a specific backup/restore testing schedule unless agreed in an enterprise Order Form.
- Incident handling: Nevorth will notify customers without undue delay of confirmed personal data breaches affecting Customer Data as described in the DPA.
- Decision history storage: decision inputs, outputs, and outcome feedback are stored in Cloudflare D1. Access to this data is restricted to the applicable Customer's account and to authorised Nevorth personnel for operational purposes.