Security & Data Protection

Last updated: 22 May 2026

Builders trust Nexxt Site Manager with business information, so security is built into the platform rather than added on. This page describes the protections in place.

1. Encryption in transit

All traffic between your browser and the Service is encrypted over HTTPS/TLS.

2. Authentication

Sign-in is passwordless — a secure, single-use link is sent to your email. We do not store passwords, which removes a whole category of risk. Sessions use short-lived tokens that refresh automatically.

3. Database security

Account data is held in a managed PostgreSQL database hosted in the Sydney, Australia region. Row-level security is enforced so each account can access only its own records — never another customer's data. Internal and operational tables are accessible from the server side only.

4. Payment security

Payments are processed by Stripe, a PCI-DSS Level 1 provider. Card details are entered directly with Stripe and never reach or pass through our servers.

5. Access control and auditing

Administrative functions are protected by role-based access control. Privileged and billing-related actions are recorded in an append-only audit log, so significant events are traceable.

6. Abuse and reliability protection

The AI endpoints are protected by request-origin checks, per-client rate limiting and a global daily cap. AI calls use automatic retry with backoff so brief upstream issues do not become user-facing failures.

7. AI data handling

Content you submit to the AI tools is processed by our AI provider solely to generate your requested output. API inputs are not used to train AI models.

8. Backups and recovery

The database is operated on managed infrastructure with backup capability, and the schema is version-controlled so it can be reliably reproduced. Deployments can be rolled back if an issue is detected.

9. Monitoring

Errors and operational events are logged, and the platform is monitored for health and anomalies so problems can be identified and addressed quickly.

10. Your part

Because sign-in is by email link, the security of your email account matters. Keep it protected and enable two-factor authentication on it where possible.

11. Reporting a security issue

If you believe you have found a security vulnerability, please tell us promptly and privately at hello@nexxtsitemanager.com.au. We will investigate and respond. Please do not publicly disclose an issue before we have had a reasonable opportunity to address it.