Skip to main content

Security

How we protect the platform

Technical security practices for the Nexynth Labs corporate site and integration architecture — honest readiness statements without false compliance claims.

Review required

Security and trust content on this site describes current practices and readiness only. It is not a certification, audit report, or legal opinion. Final security and legal review by qualified professionals is required before production reliance or regulatory submission.

Secure hosting

Production deployments target reputable cloud hosting with HTTPS, environment-isolated secrets, and separation between corporate and product domains.

  • Static-first public pages reduce attack surface versus heavy server-side session state.
  • Secrets and API keys belong in host environment variables — never in version-controlled config.
  • Admin routes and APIs are excluded from search indexing and protected by session middleware.
  • GetPandit product infrastructure is hosted and released independently on getpandit.com.

SSL readiness

All public corporate routes are intended to be served over HTTPS in production with valid TLS certificates on the apex domain.

  • Production checklist requires HTTPS before go-live — no mixed-content embeds of third-party apps.
  • HSTS and certificate renewal are managed at the hosting / CDN layer.
  • External product links (getpandit.com) use HTTPS destinations.

Payment security readiness

Payment processing is designed for product domains — not the corporate brochure site. Architecture prepares for PCI-aware gateway integrations.

  • Corporate site does not collect card numbers or run checkout flows.
  • GetPandit payment integration readiness is documented on the product stack — gateway-hosted checkout patterns preferred.
  • Webhook signature verification and idempotent handlers are part of integration design.
  • No PCI DSS certification is claimed by this marketing site.

Access control

Internal admin access uses signed sessions, role-based module visibility, and no public registration path.

  • Middleware redirects unauthenticated users away from /admin routes.
  • Roles: SUPER_ADMIN, ADMIN, MARKETING_ADMIN, SALES_ADMIN — least-privilege module matrix.
  • Shared admin password is a phase-1 interim measure; per-user hashes planned.
  • API routes for leads require valid admin session cookies.

Edit content in src/config/security-trust.ts · No SOC 2, ISO 27001, or PCI certification is claimed on this page.

Questions about security?

Partners and enterprise clients can discuss architecture, access control, and integration patterns with our team.