Security Principles

  • Privacy and security by design for all major workflows.
  • Least-privilege access for users and internal teams.
  • Layered controls for account, application, and infrastructure security.
  • Continuous monitoring and incident response readiness.

Access and Identity Controls

  • Role-based permissions for operators, managers, and staff.
  • Credential management policies and secure authentication practices.
  • Access reviews and administrative control safeguards.

Data Protection Controls

  • Encryption in transit and protection mechanisms for stored data.
  • Segregation of customer data and controlled data handling workflows.
  • Retention and deletion controls aligned to business and legal requirements.

Application and Platform Security

  • Secure development lifecycle practices and change controls.
  • Logging, auditability, and anomaly detection for key events.
  • Regular maintenance, patching, and vulnerability management workflows.

Incident Management

We maintain internal procedures to identify, investigate, contain, and remediate security events. Where required, affected customers are notified in line with contractual and legal obligations.

Customer Responsibilities

  • Use strong credentials and manage user access responsibly.
  • Collect and process tenant data with a valid legal basis and consent where required.
  • Report suspected account misuse or incidents promptly.

Risk Verification Clarification

NexoStays tenant risk checks are opt-in and information-based. NexoStays is not an enforcement authority and does not issue legal judgments on individuals.

Security Contact

For security reporting or questions, contact security@nexostays.com.