Skip to content
NINTECH

security & compliance

Security that goesall the way down.

Modern, defense-in-depth protection for the AI systems, software, and infrastructure we build and run — written for the people whose job is to check.

Cyber Essentials Plus (in progress)UK GDPR alignedISO 27001 roadmap

advanced capabilities

The methods a modern attacker actually runs into.

Zero Trust architecture

Every request is authenticated and authorized on its own merits. Being “inside” the network grants nothing by itself.

mTLS · least privilege · microsegmentation

Extended detection & response

Endpoint, network, and cloud signals are correlated in one place, so a real attack stands out from the daily noise.

XDR · EDR · behavioural analytics

SIEM + SOAR automation

Centralized, tamper-evident logging with automated playbooks that contain threats in seconds, not hours.

log pipeline · auto-triage · runbooks

Passkeys & phishing-resistant MFA

Passwordless FIDO2 / WebAuthn and hardware keys — credentials that can’t be phished, replayed, or reused.

FIDO2 · WebAuthn · hardware tokens

Post-quantum cryptography

Crypto-agile, hybrid post-quantum key exchange — so traffic captured today can’t be decrypted by tomorrow’s computers.

ML-KEM (Kyber) · hybrid TLS · crypto-agility

Confidential computing

Sensitive data stays encrypted even while it is being processed, inside attested, hardware-isolated enclaves.

TEEs · encryption-in-use · attestation

Software supply-chain security

Every dependency scanned, every build signed, full provenance from source commit to running production.

SBOM · SLSA · Sigstore signing

Cloud-native runtime defense

Kernel-level (eBPF) runtime detection and cloud posture management catch drift and live threats inside containers.

eBPF · CNAPP · IaC scanning

Privileged access management

Just-in-time, time-boxed access to production — no standing admin rights, and every session is recorded.

JIT access · session recording · secrets vault

encryption

Encrypted in every state.

In transit

TLS 1.3 and mutual TLS between services, with perfect forward secrecy on every connection.

TLS 1.3 · mTLS · PFS

At rest

AES-256 on storage and backups, with keys held in a managed KMS / HSM and rotated on a schedule.

AES-256 · KMS / HSM · key rotation

In use

Confidential computing keeps data encrypted while it is being processed, inside attested hardware enclaves.

TEEs · enclaves · attestation

Quantum-ready. We deploy crypto-agile, hybrid post-quantum key exchange (ML-KEM) so encrypted traffic captured today cannot be quietly decrypted by tomorrow's hardware.

how the nintech platform is built

Identity & access

Role-based access throughout the portal; every admin action is permission-checked server-side on every request.

Session security

Session tokens are stored hashed (SHA-256), httpOnly, and expire automatically. Authentication is rate-limited.

Least-privilege ops

Fulfilment engineers get access scoped to the ticket at hand. Production credentials are never shared accounts.

Secure SDLC

Changes ship behind automated tests and dependency, secret, and static-analysis scanning before they reach production.

incident response

01

< 5 min

Detect

24/7 monitoring alarms on uptime, latency, backup health, and anomalous behaviour.

02

within SLA

Triage

A named engineer owns the incident, assesses blast radius, and opens your ticket with findings.

03

target < 4 hrs

Resolve

Fix, verify, and a written post-incident review in the same ticket thread.

data, residency & gdpr

Residency

Choose London, Frankfurt, or Virginia per server. UK/EU-only residency is available for regulated workloads.

Retention

Server data is retained until you cancel; we schedule shutdown with you and provide a final export before decommissioning.

UK GDPR

We act as processor for data on client infrastructure and align handling with UK GDPR. A DPA is available on request.

support tiers & slas

TierUptime targetFirst responseEscalation
VPS & Game99.9%Next business dayTicket escalation
GPU & Managed Scale99.95%4 business hoursSenior engineer
Managed Enterprise99.99%1 hourNamed engineer + phone bridge

frameworks we map to

We describe our posture in the language auditors already use — mapped to recognised standards, with honest status on each.

Cyber Essentials Plus

UK government-backed baseline — certification in progress.

UK GDPR

Aligned data handling; a Data Processing Agreement is available on request.

ISO 27001

Information-security management system roadmap underway.

NIST CSF 2.0

Controls mapped across Govern, Identify, Protect, Detect, Respond, Recover.

CIS Controls v8

Prioritised safeguards implemented across the platform and fleet.

OWASP ASVS

Application Security Verification Standard applied to every build.

Responsible AI

Client AI systems ship behind evaluation gates, with human review points on consequential actions. We never train models on one client's data for another's benefit, and we document model behaviour and known limitations as part of every handover.

Vulnerability disclosure

Found something? Email security@nintech.io. We acknowledge within one business day, keep you informed through remediation, and credit researchers who report responsibly.

Security & Compliance — Nintech