Security at NuStack
We take the security of your financial data seriously. Here's how we protect it.
Encryption in Transit
All data transmitted between your browser and our servers uses TLS 1.2+. We enforce HTTPS across all endpoints.
Encryption at Rest
Data stored in our database (Supabase / PostgreSQL) is encrypted at rest using AES-256.
Bank Credentials Never Stored
We use Plaid to connect financial accounts. Your bank login credentials go directly to Plaid — NuStack never sees or stores them.
MFA on All Admin Access
Multi-factor authentication (authenticator app) is required for all personnel accessing production systems, dashboards, and cloud infrastructure.
Row-Level Security
Our database enforces row-level security (RLS) policies so each customer can only access their own data — enforced at the database layer, not just the application layer.
Secrets Management
API keys and secrets are stored in environment variables via Vercel's encrypted secrets management — never in source code or version control.
Least-Privilege Access
Production system access is restricted to authorized personnel only. We audit access regularly and revoke credentials when no longer needed.
Incident Response
We have an incident response process. In the event of a data breach, we will notify affected users within 72 hours as required.
Infrastructure Partners
- Vercel — Hosting and deployment. SOC 2 Type II certified.
- Supabase — Database and backend. SOC 2 Type II certified.
- Plaid — Financial data connectivity. SOC 2 Type II certified, PCI DSS compliant.
Report a Vulnerability
If you discover a security issue, please report it responsibly to security@nustack.digital. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly. Please do not publicly disclose vulnerabilities before we have had a chance to address them.