Security you run yourself, on infrastructure you control.
NYXDB is self-hosted software. You run it inside your own environment, so your data never leaves it and your existing network, encryption, and access controls apply directly. This page describes the security posture built into the engine and how to report a vulnerability.
Credential hashing
Operator and user credentials are hashed with PBKDF2-SHA256 at 600,000 iterations. Secrets are never stored in plaintext or as fast, unsalted digests.
Access control
Role-based access control and a policy engine gate what each identity can read and write, so permissions are enforced inside the engine rather than bolted on at the application layer.
Audit-oriented design
The engine is built around durable, ordered history and point-in-time reads, so security-relevant activity can be reconstructed to the exact state a decision saw.
Data stays with you
Deployments are self-hosted, so your data never leaves your infrastructure. There is no NYXDB-operated cloud that your production data flows through.
Reporting a vulnerability
If you believe you have found a security issue in NYXDB, email [email protected]. We practice coordinated disclosure: report the issue privately, give us a reasonable window to investigate and ship a fix, and we will keep you updated on progress. Please do not open a public GitHub issue for security reports.
We do not run a paid bug bounty program yet, so we cannot offer monetary rewards at this time. We do appreciate responsible disclosure and will credit reporters who want it. A machine-readable version of this policy is published at /.well-known/security.txt.
Compliance
SOC 2: planned. NYXDB is not SOC 2 certified, and a SOC 2 audit is not yet in progress — it is on our roadmap, and we will update this page when that status changes. In the meantime, self-hosted deployment keeps data inside your own compliance boundary, under controls you already operate.
Security contact
Report a vulnerability or ask about our security posture. For deployment hardening, the docs cover operations end to end.