Security you can prove, not just claim

Every Nectos release passes 80+ offensive security tests, and Nectos is hosted on ISO 27001 and SOC 2 audited Swiss cloud infrastructure.

Infrastructure Security

  • Hosted exclusively on Hidora SA — Swiss ISO 27001 certified cloud infrastructure
  • Physical servers located in Switzerland — no data ever leaves Swiss territory
  • Network segmentation and firewall policies enforced at infrastructure level
  • DDoS protection and intrusion detection systems active at all times

Data Protection

  • All data encrypted in transit using TLS 1.3
  • All data encrypted at rest using AES-256
  • Encryption keys managed under Swiss jurisdiction
  • No customer data accessible to Adopt-AI SA staff without explicit authorization
  • Zero training on customer data — contractually guaranteed

Access Controls

  • Multi-factor authentication (MFA) enforced for all administrative access
  • Role-based access control (RBAC) at workspace and knowledge base level
  • Principle of least privilege enforced across all systems
  • Session management with automatic expiry and revocation capabilities

Security testing

  • 80+ offensive security tests run on every production release
  • Regular independent penetration testing
  • Automated vulnerability scanning in CI/CD pipeline
  • Responsible disclosure program for external researchers

We don't just claim security — we test for it continuously.

security.coverage.txt

Authentication & Authorization
— Brute force protection
— Session fixation
— Privilege escalation
— Broken access control
— JWT validation

Input Validation
— SQL injection
— XSS (reflected, stored, DOM)
— CSRF
— XML injection
— Path traversal

API Security
— Rate limiting
— Parameter pollution
— Insecure direct object reference
— Mass assignment
— Sensitive data exposure

Infrastructure
— TLS configuration
— HTTP security headers
— Cookie security flags
— CORS policy validation
— Open redirect

Certifications & standards

ISO 27001

Infrastructure hosted on ISO 27001 certified Swiss cloud (Hidora SA)

nDSG / FADP

Fully compliant with the Swiss Federal Act on Data Protection

GDPR ready

Data processing aligned with EU General Data Protection Regulation

Data Processing Agreement

Nectos provides a full Data Processing Agreement (DPA) for organizations that require one. The DPA formalizes our data protection commitments and is available on request for all plans.

Want the full security documentation?

Our Security & Compliance Pack includes architecture diagrams, penetration test summaries, and the DPA for your procurement and legal teams.