Security & Trust

Built for regulated workloads.

Insurance and fintech are the toughest environments to ship AI into. Nourdge was designed with compliance, auditability, and data boundaries at the core — not bolted on.

SOC 2 Type II ISO 27001 GDPR-ready NDPR-compliant HIPAA on Enterprise

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest. Customer data is encrypted per-tenant with keys rotated quarterly.

Your keys, not ours

LLM and channel credentials live encrypted in your workspace. We never see the plaintext, and you can revoke in one click.

Audit log, always on

Every AI decision, template send, rule edit, and credential change is recorded with reasoning — exportable on demand.

Role-based access

Admin, Editor, Viewer, and custom roles. SSO via Google, Okta, Azure AD, or any SAML IdP (Enterprise).

Data residency

EU, US, or self-hosted deployment options. Your data never leaves your chosen region.

Retention controls

Configure retention per event type. PII pseudonymized by default; you control what Nourdge can see.

The AI data boundary.

A common question: does Nourdge train on my data? Short answer: no.

  • Nourdge never trains on your data. Ever.
  • Anthropic, OpenAI, and Google enterprise tiers don't train on your API calls. We use those tiers by default.
  • On Enterprise, run Nourdge against your own LLM gateway — data never leaves your perimeter.
  • PII redaction is on by default; you can add custom redaction rules per field.
Data flow
01Your app posts event to Nourdge (TLS 1.3)
02Nourdge redacts PII, applies rules
03Encrypted LLM call via your key
04Message sent via your channel key
05Full event logged + hashed

Compliance artifacts.

SOC 2 Type II report
Annual audit, available under NDA.
Request →
ISO 27001 certificate
Current, renewed 2025.
Download →
Data Processing Agreement
Standard DPA and GDPR-ready Schedule.
Request →
Penetration test summary
Quarterly, by third party.
Request →
Subprocessor list
Who touches your data, and for what.
View →
Security whitepaper
Full architecture, controls, incident response.
Download →

Security questions?

Our security team answers in under 24h.

Contact security