Security Policy

Version: 1.2.0Last Updated: February 4, 2026Company: NexliOne

1. Purpose

This Security Policy provides a high-level overview of security practices used to help protect the NexliOne platform (the "Service"). Security is a shared responsibility: we work to secure the Service, and customers are responsible for configuring the Service appropriately and securing their users, devices, and networks.

This document describes practices that may evolve over time and is not a guarantee that incidents will never occur.

2. Platform Security Measures (High Level)

We maintain administrative, technical, and organizational measures designed to protect the Service and Customer Content. Measures may include:

  • Encryption of data in transit using industry-standard protocols.
  • Access controls, authentication safeguards, and least-privilege permissions.
  • Tenant/workspace isolation controls to reduce the risk of cross-tenant access.
  • Logging and monitoring to help detect abuse, fraud, and security events.
  • Secure development practices and dependency updates.
  • Backups and disaster recovery practices appropriate to the Service.

3. Multi-Tenant Architecture

NexliOne is built as a multi-tenant platform. The Service is designed to logically separate each tenant's data using technical controls (for example, tenant scoping and database access controls). Customers are responsible for:

  • managing user access and roles;
  • using strong authentication (including multi-factor authentication where available); and
  • reviewing permissions and audit logs available in the Service.

4. Customer Security Responsibilities

Customers should implement appropriate safeguards, including:

  • strong passwords and multi-factor authentication for all users;
  • least-privilege access and role-based permissions;
  • secure endpoint devices and updated browsers;
  • network controls appropriate to their environment; and
  • internal backup/retention procedures aligned with their business needs.

5. Incident Response and Notifications

We maintain incident response processes designed to investigate, contain, and remediate security incidents. Where required by law or contract, we will notify affected customers of certain security incidents and provide information reasonably necessary to assist in their response.

6. Vulnerability Reporting (Responsible Disclosure)

If you believe you have discovered a security vulnerability, please contact us with details so we can investigate:

  • Email: support@nexlione.com

Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and address the issue.

7. Updates

We may update this Security Policy from time to time to reflect changes in our practices, the Service, and legal requirements.

NexliONE | Security Policy