← All guides

Security

Effective date: July 12, 2026.

Encryption

  • In transit: all traffic is served over TLS/HTTPS.
  • At rest: sensitive secrets (database connection strings, storage keys, API keys) are encrypted with AES-256-GCM before storage. Your database/storage provider encrypts the underlying data at rest per their standards.

Tenant isolation

Every workspace's data is isolated two ways: in the application (all queries scoped by workspace_id, membership enforced on every request) and at the database level using PostgreSQL Row-Level Security — so even a software bug cannot expose one workspace's rows to another. The platform operator can see only aggregate statistics (counts, storage/traffic bytes, billing) — never your notebook Content.

Access control & authentication

  • Role-based access (owner, manager, member, viewer) per workspace.
  • Signed, HTTP-only session cookies; optional IP allow-listing per lab group.
  • Electronic signatures & witnessing, immutable version history, and full audit logs (see FDA 21 CFR Part 11).

Infrastructure & durability

We build on providers with strong security postures (Vercel, Cloudflare) and delegate data durability to professional database/storage companies (Aiven, Supabase, Neon, AWS, Cloudflare R2) with their own replication, backups, and certifications — see Data integrity & liability and Sub-processors.

Backups & export

Your provider handles backups (BYODB) or we do (managed). You can download a full archive export any time (Admin → Archive); long-inactive workspaces are auto-exported and the owner notified.

Incident response & disclosure

We monitor the Service and will notify affected customers of a confirmed personal-data breach without undue delay. Found a vulnerability? Please report it responsibly to security@nexteln.com — we won't pursue good-faith researchers.

Certifications

Our infrastructure providers hold SOC 2 / ISO 27001 / PCI-DSS as noted in Sub-processors. NextELN's own formal attestation (e.g. SOC 2) is on our roadmap; contact us for current status.

Last updated 7/12/2026