Security, auditability, and tenant isolation by design.
Nexus BDX is engineered for controlled insurance operations where every data action must be attributable, reversible, and reviewable.

Tenant isolation model
Tenant-aware repositories and access validation for batch and program APIs.
Authentication & RBAC
JWT login with role-scoped permissions across repair, approval, and AI endpoints.
Edge & API protection
CORS controls, security headers, HSTS (prod), and safe global exception handling.
Audit + AI governance
Immutable audit logs, AI action logs, correlation IDs, token/cost tracking, and feedback.

Compliance posture
Nexus BDX follows a SOC2-ready posture and production hardening controls. We do not claim active certification on this page; attestation details are shared through formal security review.
- Structured logging and correlation IDs across API flows
- Append-only triggers for audit and AI action logs
- AI outputs validated before use; no direct write-through from the generation step
- Secrets supplied via environment variables, with hardened middleware defaults
