Security at Nerlude

Your security is our top priority. Learn how we protect your credentials, data, and privacy with industry-leading security practices.

🔒AES-256 Encryption
🛡️SOC 2 Ready
🇪🇺GDPR Compliant

Security Overview

Nerlude is built from the ground up with security in mind. We understand that you're trusting us with sensitive information—API keys, passwords, and business-critical credentials—and we take that responsibility seriously.

Our security approach is based on three principles:

  • Defense in depth - Multiple layers of security at every level
  • Least privilege - Access only what's needed, when it's needed
  • Transparency - Clear communication about how we protect your data

How We Encrypt Your Data

Encryption at rest

All sensitive data stored in Nerlude is encrypted using AES-256 encryption, the same standard used by banks and government agencies. This includes:

  • API keys and secrets
  • Passwords and tokens
  • Database connection strings
  • Any custom credentials you store

Encryption in transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS on all connections and use HSTS to prevent downgrade attacks.

Key management

Encryption keys are managed using industry best practices:

  • Keys are stored separately from encrypted data
  • Keys are rotated regularly
  • Access to keys is strictly controlled and audited
  • We use hardware security modules (HSMs) for key storage

Credential Security

Credentials are the most sensitive data in Nerlude, and we treat them with extra care:

🔐 Zero-knowledge architecture

Credentials are encrypted before they leave your browser. We never see your plaintext secrets.

👁️ View-only decryption

Credentials are only decrypted when you explicitly choose to view them. They're never decrypted in the background.

📋 Secure clipboard

When you copy a credential, it's automatically cleared from your clipboard after 30 seconds.

📝 Access logging

Every credential access is logged with timestamp, user, and IP address for audit purposes.

Authentication & Access

Password security

  • Passwords are hashed using bcrypt with a high work factor
  • We enforce minimum password requirements
  • Passwords are checked against known breach databases
  • We never store plaintext passwords

Two-factor authentication (2FA)

We strongly recommend enabling 2FA on your account. We support:

  • Authenticator apps (Google Authenticator, Authy, 1Password)
  • SMS verification (as backup)
  • Recovery codes for account recovery

Session management

  • Sessions expire after 30 days of inactivity
  • You can view and revoke active sessions
  • Sensitive actions require re-authentication
  • Sessions are invalidated on password change

Infrastructure Security

Our infrastructure is designed for security and reliability:

  • Cloud hosting - We use enterprise-grade cloud providers with SOC 2 Type II certification
  • Network security - Firewalls, DDoS protection, and intrusion detection systems
  • Database security - Encrypted databases with automated backups and point-in-time recovery
  • Monitoring - 24/7 monitoring for security anomalies and performance issues
  • Regular updates - Security patches applied within 24 hours of release

Compliance & Certifications

🛡️ SOC 2 Type II

We're SOC 2 ready and working toward full certification. Our controls meet SOC 2 requirements for security, availability, and confidentiality.

🇪🇺 GDPR Compliant

We comply with GDPR requirements including data minimization, right to erasure, and data portability.

🔒 CCPA Compliant

California residents have full rights under CCPA to access, delete, and opt out of data sales.

📋 Data Processing Agreement

We offer DPAs for enterprise customers who need them for compliance purposes.

Security Best Practices

Here's how you can help keep your account secure:

  1. Enable two-factor authentication

    This is the single most effective way to protect your account.

  2. Use a strong, unique password

    Use a password manager to generate and store a unique password for Nerlude.

  3. Review team access regularly

    Remove team members who no longer need access.

  4. Use role-based permissions

    Give team members only the access they need.

  5. Monitor credential access

    Review audit logs to see who's accessing sensitive credentials.

  6. Keep credentials up to date

    Rotate credentials regularly and remove unused ones.

  7. Use temporary access for contractors

    Set expiration dates for external collaborators.

Reporting Vulnerabilities

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

How to report

Email us at security@nerlude.io with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any proof-of-concept code

We commit to:

  • Acknowledge your report within 24 hours
  • Provide regular updates on our progress
  • Not take legal action against good-faith reporters
  • Credit you in our security acknowledgments (if desired)

Questions about security?

Our security team is happy to answer any questions about how we protect your data.

Contact Security Team