Skip to content

Trust Center

The technical case for trusting Brain with your data.

NitroxBrain holds OAuth access to mail, files, calendars and CRM β€” so IT and legal teams are right to scrutinise it. This page is written for them: the architecture, the cryptography, the data-residency map, the sub-processors, and the certifications, with no marketing varnish. For the plain-language version, see the Security page.

βœ“ CASA TIER 2 β€” VERIFIED BY DEKRA

NitroxBrain has passed the App Defense Alliance Cloud Application Security Assessment (CASA) β€” Tier 2 (lab-tested, lab-verified), conducted by DEKRA, an independent authorised security laboratory, against the OWASP Application Security Verification Standard (ASVS) β€” authentication, access control, data protection, cryptography, communications and API security among them β€” and passed every category. Certification ID 276ad600, valid 23 Jun 2026 β†’ 24 Jun 2027.

The full statement of validation is available under NDA on request. SOC 2 Type II / ISO 27001 readiness is targeted for H2 2027 β€” not a current claim. We target 99.5% monthly availability for the chat surface; there is no contractual SLA in V1 (enterprise SLAs available on request).

Architecture

Four independent isolation layers

There is no shared multi-tenant store for your messages, files, or memory. Each subscriber runs in their own Cloud Run service, with their own vault bucket, database, and secrets. To pivot from one user's data to another's, an attacker would have to break IAM and OAuth scoping simultaneously β€” the layers below are each, on their own, sufficient.

1

Token at rest β€” IAM-scoped buckets

Each user's OAuth tokens live in gs://nitroxbrain-vault-<slug>/.credentials/. Bucket IAM grants object access only to that user's runtime service account. No other container holds a credential that can read it.

2

Runtime filesystem β€” single mount

The per-user Cloud Run container mounts only that user's vault bucket (via gcsfuse) at /app/Memory. There is no cross-user bucket on the filesystem to traverse.

3

OAuth scope β€” bound by Google

Each refresh token is bound at issuance to the granting user. Google's token endpoint only ever returns access tokens for that user's own resources β€” the scope boundary is enforced provider-side, not just by us.

4

Identity routing β€” dispatcher

Inbound messages route by sender_id β†’ user_routes β†’ target_url. A message physically cannot be delivered to another user's container; the routing table is the only path in.

Deliberately shared (and safe because the boundary is enforced elsewhere): the OAuth client ID (Google scopes per-user at the token layer) and the directory service account (used only for Chat delivery and directory lookups, with a tightly controlled impersonation subject).

Cryptography

Encryption, specifically

Exact primitives, not 'bank-grade'.

At rest β€” AES-256 (Google-managed)

All GCS vault buckets and Lightsail block storage are encrypted at rest with Google-managed AES-256. Per-user separation is enforced by IAM, not per-user keys (no CMEK today β€” an option if a customer requires it).

Application-layer token encryption

Slack and Teams bot tokens are additionally encrypted at the application layer with Fernet (AES-128-CBC + HMAC-SHA256); the keys live in Google Secret Manager, separate from the database.

In transit β€” TLS 1.2+ (1.3 preferred)

Public traffic terminates on Caddy with Let's Encrypt certificates; the Postgres link enforces sslmode=require with a real CA-issued certificate; Cloud Run ingress is mTLS.

OAuth tokens β€” per-user, IAM-fenced

Each user's OAuth tokens sit in their own vault bucket, readable only by their container's service account. A token is never copied into another user's runtime.

Data residency

EU-only core, by design

Compute + memory: europe-west1 (Belgium)

Your per-user container and your vault (conversation memory + files Brain creates) run in Google Cloud europe-west1.

Routing + dispatcher: eu-west-3 (Paris)

The routing database and the message dispatcher run on AWS in Paris. Teams ingress (transient only) is Azure westeurope (Netherlands).

No US core hosting

No core infrastructure sits in the US. US exposure is limited to sub-processor APIs (LLM, payments, web search) called per-turn under DPF / SCCs β€” listed in full below. Voice-memo transcription is EU-resident by default (AssemblyAI, Dublin).

Third-party content stays at the source

The mail, files and events Brain reads from Gmail / Drive / OneDrive / HubSpot live wherever those vendors host them. We relay that data per-turn; we don't relocate it. Enterprise Google Workspace / Microsoft 365 can pin those to the EU.

Article 28

Sub-processor register

Every third party that may process your data, what it does, where, and the transfer basis.

Sub-processorFunctionLocationTransfer basis
Google Cloud (Gemini)Hosting β€” compute, per-user vault, Secret Manager; optional LLM/STTEU β€” europe-west1 (Belgium)EU β€” no transfer
AWSDispatcher, routing DB, static site, contact-form mail (SES)EU β€” eu-west-3 (Paris)EU β€” no transfer
Microsoft AzureMicrosoft Teams ingress (transient routing β€” no content store)EU β€” westeurope (NL)EU β€” no transfer
MistralLLM inference (alternative engine, opt-in)EU β€” FranceEU β€” no transfer
OVHSupport-mail forwardingEU β€” FranceEU β€” no transfer
AssemblyAIVoice-memo transcription (default backend)EU β€” eu-west-1 (Dublin) Β· defaultEU β€” no transfer Β· US via configuration: DPF / SCCs
Anthropic (Claude)LLM inference (default engine)USDPF / SCCs Β· no-training
OpenAILLM inference (alternative engine)USDPF / SCCs Β· no-training
TavilyWeb search (only when a search actually runs)USSCCs
StripePayments / billingUSDPF / SCCs
Google Analytics 4Website analytics (consent-gated only)USDPF / SCCs Β· consent

Not sub-processors β€” user-directed independent controllers: HubSpot, Trello, Oura, and your own Google / Microsoft accounts. You connect these directly via their OAuth screens; they process your data under their own terms, on your instruction, not ours.

Data Processing Agreement (DPA): our standard GDPR Art. 28 DPA (incorporating this sub-processor register and the EU SCCs for the US transfers above) is available on request β€” ask via /contact and we'll send it for signature.

Retention, deletion & audit

What we keep, for how long, and how it's tamper-proof

Deletion you can verify, records you can't quietly alter

The point of a hash chain is that nobody β€” including us β€” can edit history without it showing.

Tiered retention

Live operator-access audit: 18 months. Operational error logs: 90 days. Account + OAuth data: deleted within 30 days of termination. Audit log offsite: 7 years (WORM).

GDPR Art. 17 erasure

On cancellation we tear down your container, empty your vault bucket, revoke OAuth tokens on our side, and hard-delete your database rows β€” confirmation email when done, 30-day hard target. The 7-year audit retention is the one lawful exemption (Art. 17(3)).

Tamper-evident operator audit

Every operator access to a user resource is written to a SHA-256 hash-chained table (each row hashes the previous), with an INSERT-only writer role and a separate purger role that RLS restricts to rows older than 18 months β€” operators cannot rewrite or delete recent entries.

7-year WORM offsite

The audit chain is copied hourly to a Cloud Storage bucket with a 7-year object-retention lock β€” immutable, so even operator credentials cannot rewrite or delete it. A verifier script re-checks chain integrity across retention boundaries.

🚫 No model training

Your data is not used to train models

We do not train any model on your data, and we do not sell it. The third-party LLMs Brain calls (Anthropic Claude, OpenAI GPT, Mistral, Google Gemini) run on API tiers with no-training data-handling agreements, which each vendor publishes for their API. Third-party content is transient β€” it lives in a single turn and is not retained for training.

Sending this to your IT or legal team?

Happy to walk through the architecture, the CASA report, a DPA, or the sub-processor list on a call. The Enterprise Security Whitepaper (PDF) is available on request via /contact.