Trust & Security Center
Your data stays yours. Always.
NEXTA is engineered for the strictest enterprise security standards — on-premise deployment, IT/OT segmentation, role-based access, full audit logging, and zero training on your data.
·Six security principles
Built for enterprises that can't afford a leak.
On-premise by default
Data, models, and logs run inside your environment. No cloud dependency for live operations.
Read-only on control systems
On the OT side, Nexta listens to PLCs and never writes back. Zero risk to a running line.
IT/OT segmentation
Strict separation between corporate IT and operational technology networks, enforced at every layer.
Role-based access
Fine-grained permissions per user, per role, per workflow — with full audit logging.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Keys you control, with optional HSM integration.
No training on your data
Your data never trains any model that touches anyone else. Ever.
·Compliance
Aligned with the standards your auditors expect.
Saudi PDPL
Compliant with the Personal Data Protection Law of the Kingdom of Saudi Arabia.
ISO 27001
Information security management aligned with ISO/IEC 27001 controls.
SOC 2 Type II
Annual independent audit of security, availability, and confidentiality.
GDPR-ready
Tooling for data subject requests, retention policies, and breach notification.
IFRS 17 / SAMA
Regulatory reporting templates for financial services workflows.
·Security FAQ
Common questions.
Where does my data live?
Inside your environment. NEXTA can be deployed on-premise, on your private cloud (AWS / Azure / GCP), or hybrid. The control plane never has access to your data — only metadata necessary for licensing and updates.
Do you train models on customer data?
No. Customer data never leaves the customer environment and never trains any shared model. Each customer's models are isolated and dedicated.
How do you handle credentials and secrets?
Secrets are stored in your vault of choice (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or on-premise HSM). NEXTA never persists credentials in plaintext.
How do you handle vulnerabilities?
Continuous static analysis, dependency scanning, and quarterly penetration tests. Patches are released within 7 days of CVE disclosure for high/critical issues.
Can I export everything if we decide to leave?
Yes — open data formats, documented schemas, and an export tool. No vendor lock-in, no proprietary file formats.
Ready for a deeper security review?
Request a full security & architecture review with our team — we'll walk through your environment and answer every question.