Security at NEXUS

How We Protect Your Data


NEXUS handles deeply personal information — your life story, your conversations, your goals, your private thoughts. We take that responsibility seriously. Here's exactly how we protect it.


Your Data Is Isolated

Every NEXUS user operates in a completely isolated environment. Your AI agent cannot see, access, or be influenced by any other user's data.

This isn't just application-level filtering — it's enforced at the database level using Row-Level Security (RLS). Even a bug in our code cannot expose another user's data.


Your Data Is Encrypted

At Rest

All sensitive data is encrypted using AES-256 encryption. Your conversations, onboarding answers, agent memories, and integration credentials are additionally encrypted using Supabase Vault — a dedicated secrets and encryption management system.

Per-User Keys

Each user has a unique encryption key. Your data is encrypted with YOUR key — not a shared key. This means even in the worst-case scenario of a database breach, one user's data cannot be used to decrypt another's.

In Transit

All data between your browser and our servers is encrypted using TLS 1.3. We enforce HSTS to prevent downgrade attacks.


No Passwords

NEXUS uses magic link authentication — passwordless login via email. There is no password to leak, brute-force, or phish. Sessions use short-lived tokens that expire automatically.


Your Conversations Stay Private

When you chat with your AI agent, your messages are processed by the Anthropic Claude API. Under Anthropic's commercial API terms:

  • ✅ Your data is NOT used to train AI models
  • ✅ Your data is NOT stored by Anthropic beyond the API request
  • ✅ Anthropic may retain data for up to 30 days for safety monitoring only

We chose Anthropic specifically because their commercial API terms provide the strongest data protection in the industry.


Australian Data Residency

Your data is stored in Sydney, Australia (AWS ap-southeast-2 region) via Supabase. It does not leave Australian infrastructure for storage.


You Control Your Data

  • Export your data at any time in a portable format
  • Delete your account and ALL associated data — we purge everything within 30 days
  • Disconnect integrations, clear memories, or delete conversations individually
  • See exactly what your agent remembers about you in the Memories view


Audit & Compliance

  • Security audit logging tracks all access and security-relevant events
  • Row-Level Security enforced on every database table
  • Regular security reviews
  • Breach notification within 72 hours (Australian NDB scheme)
  • Compliant with the Australian Privacy Act 1988


Our Infrastructure

| Layer | Provider | Security |
|-------|----------|----------|
| Database | Supabase (PostgreSQL) | RLS, Vault encryption, Sydney region |
| Authentication | Supabase Auth | Passwordless, JWT, short-lived tokens |
| Hosting | Vercel | Edge network, DDoS protection, HTTPS |
| AI Processing | Anthropic Claude API | Commercial terms, no training on your data |
| Payments | Stripe | PCI-DSS Level 1 compliant |


Questions?

If you have any security concerns or questions, contact us at hello@mystripesconnect.com.au.


My Stripes Digital — "We build the systems that set businesses free." 🦓