Security
Last updated: July 5, 2026
Security is core to building software for financial businesses. This page describes our general approach and how to report a vulnerability.
Our approach
- Encryption in transit. Traffic to our sites and services is served over TLS.
- Least privilege. Access to systems and data is limited to what is needed and is reviewed.
- Data minimization. We aim to collect and retain only the data a task requires.
- Auditability. Our products are designed so that sensitive actions are logged and reviewable.
- Trusted infrastructure. We build on established cloud and edge providers and keep dependencies current.
Product-specific security details, including any certifications, are shared with customers under a product agreement.
Responsible disclosure
If you believe you have found a security vulnerability in one of our sites or products, we want to hear from you. Please email hello@nyxfoundry.com with a clear description and steps to reproduce.
We ask that you:
- Give us a reasonable chance to investigate and fix the issue before disclosing it publicly.
- Avoid accessing, modifying, or deleting data that is not yours, and avoid degrading our services.
- Do not run automated tests that generate significant load, and do not attempt denial-of-service, social engineering, or physical attacks.
For good-faith research that follows these guidelines, we will not pursue legal action, we will work with you on a fix, and we are glad to credit you if you wish. We do not currently run a paid bounty program.
Contact
Security reports and questions: hello@nyxfoundry.com.