
Data Security

Nyelux is built on defense-in-depth security: hardened infrastructure, encryption everywhere, continuous monitoring, and a zero-trust access model — engineered to meet the expectations of healthcare organizations and enterprise buyers.

Security architecture

Defense in depth

  • Multiple layers of security controls
  • Separation between network tiers
  • Principle of least privilege by default
  • Protection against known OWASP threat vectors

Zero trust model

  • Continuous authentication and authorization
  • Per-request identity verification
  • No implicit trust inside the network perimeter
  • Mutual TLS for service-to-service traffic

Secure infrastructure

  • Cloud infrastructure with automated patching
  • Immutable deployment artifacts
  • Vulnerability scanning on every build
  • Hardened base images

Data isolation

  • Logical separation per organization
  • Scoped access tokens
  • Row-level security in data stores
  • No cross-tenant data exposure

Encryption standards

Data at rest

  • AES-256 encryption for all stored data
  • Encrypted database backups
  • Managed key rotation
  • Hardware security modules for key custody

Data in transit

  • TLS 1.3 for all external connections
  • Certificate pinning on critical paths
  • Perfect forward secrecy
  • Encrypted service-to-service API traffic

Access control and authentication

Multi-factor authentication

  • Required for all accounts
  • Authenticator apps
  • Hardware security keys
  • Biometric support

Role-based access

  • Principle of least privilege
  • Organization-level isolation
  • Custom role creation
  • Regular access reviews

Session management

  • Automatic timeout
  • Secure session tokens
  • Device fingerprinting
  • Concurrent session limits

Monitoring and incident response

24/7 security monitoring

  • Real-time threat detection
  • Anomaly detection
  • SIEM (security information and event management)
  • Automated response for known patterns

Incident response

  • Dedicated security response team
  • Defined response-time commitments
  • Post-incident review and remediation
  • Customer notification within required windows

Certifications and compliance

  • HIPAA-aligned administrative, physical, and technical safeguards
  • SOC 2 Type II controls
  • Annual penetration testing by independent third parties
  • Regular vulnerability assessments
  • Compliance with GDPR for EU users
  • CCPA compliance for California residents

Security documentation and due diligence

We provide security documentation, SOC 2 reports, and BAAs to healthcare organizations evaluating Nyelux. Our team supports full security reviews and vendor risk assessments.