Security & Compliance
Your data protection is our top priority. NexaDesk is built with enterprise-grade security from the ground up.
Compliance & Certifications
We adhere to globally recognized standards so you can trust NexaDesk with your most sensitive data.
SOC 2 Type II
In Progress: We are actively pursuing SOC 2 Type II certification, the gold-standard auditing framework for SaaS companies covering security, availability, and confidentiality.
GDPR Compliant
Compliant: NexaDesk implements proper data handling, consent management, and deletion policies in full compliance with the EU General Data Protection Regulation.
PIPEDA Compliant
Compliant: As a Canadian company, NexaDesk fully complies with the Personal Information Protection and Electronic Documents Act governing how we collect, use, and disclose personal information.
CCPA Ready
Ready: NexaDesk supports California Consumer Privacy Act requirements including the right to know, delete, and opt out of the sale of personal information.
Data Encryption
Compliant: All data is encrypted with AES-256 at rest and TLS 1.3 in transit, ensuring your information is protected at every stage.
Multi-Tenant Isolation
Compliant: Every tenant operates within a separate PostgreSQL schema, ensuring complete data isolation between organizations.
HIPAA Ready
Ready: NexaDesk can support healthcare clients with HIPAA-compliant configurations. Business Associate Agreements are available upon request.
99.9% Uptime SLA
Compliant: We guarantee 99.9% uptime backed by our Service Level Agreement, with redundant infrastructure and automated failover.
Security Features
Every layer of NexaDesk is designed with security best practices to protect your data and your customers.
End-to-End Encryption
All communications are encrypted in transit and at rest using industry-standard protocols.
Multi-Tenant Data Isolation
Dedicated PostgreSQL schemas per tenant prevent any cross-tenant data access.
Role-Based Access Control
Fine-grained permissions let you control exactly who can access what within your organization.
Two-Factor Authentication
Add an extra layer of security to every account with TOTP-based two-factor authentication.
API Key Management
Generate, rotate, and revoke API keys with full audit trails for every integration.
Automated Backups
Continuous automated backups with point-in-time recovery ensure your data is never lost.
Rate Limiting & DDoS Protection
Built-in rate limiting and DDoS mitigation keep your services available under any conditions.
Audit Logging
Comprehensive audit logs track every action across your account. Available on the Enterprise plan.
Data Handling
Transparency in how we store, process, and manage your data.
Data Residency
All data is stored in Canada (AWS ca-central-1) with options for regional data residency on Enterprise plans.
Data Retention
Conversation data is retained for the duration of your subscription. You can configure custom retention policies to meet your compliance needs.
Right to Deletion
In accordance with GDPR and PIPEDA, you can request complete deletion of your data at any time. Deletion requests are processed within 30 days.
Data Portability
Export all your data at any time in standard formats. We believe your data belongs to you.
Have Security Questions?
Our team is ready to discuss your security requirements, provide compliance documentation, or schedule a security review.