Security & Compliance
At Nexaa, we take security and compliance seriously: both are at the core of our platform's design and operations. Whether you're building internal tools, customer-facing platforms, or handling sensitive data, Nexaa offers the trust and transparency developers need to confidently deploy to the cloud.
Security Principles
Nexaa follows a security-first approach built on the following pillars:
- Isolation by Design: Workloads are isolated per Namespace, with strict boundaries enforced at the network and orchestration level.
- Encryption Everywhere: Data in transit is protected with TLS 1.2+ and modern cipher suites.
- Minimal Privilege: Internal services, operators, and users only get the access they need — nothing more.
- Secure Defaults: All containers and databases run with hardened defaults, including non-root user policies and read-only file systems where applicable.
- API Security: Authentication and authorization for the GraphQL API are enforced using OAuth 2.0 tokens with limited lifetimes and scoped permissions.
Certifications
Nexaa operates on top of infrastructure certified under multiple international standards. These certifications demonstrate our ongoing commitment to data protection, quality management, and service reliability.
Certification | Description |
---|---|
ISO 27001 | Information security management — focused on data confidentiality, integrity, and availability. |
ISO 9001 | Quality management — ensures consistent service delivery and continual improvement. |
ISAE 3402 Type 1 | Independent assurance of control effectiveness in outsourced services. |
PCI-DSS | Compliance for securely handling payment card data — relevant for fintech use cases. |
All data is stored within the Netherlands, ensuring compliance with GDPR and Dutch data protection laws.
Best Practices for Users
To get the most from Nexaa's security features:
- Use API Users with unique credentials, not shared accounts.
- Rotate access tokens regularly.
- Avoid storing secrets in code; use environment variables.
- Enable logging and alerts for production services.
- Enable MFA for all personal accounts.
Questions or Incidents?
If you discover a vulnerability or have a security-related question, contact us immediately at support@tilaa.com. We appreciate responsible disclosure and will respond promptly.