security & compliance
Security that goesall the way down.
Modern, defense-in-depth protection for the AI systems, software, and infrastructure we build and run — written for the people whose job is to check.
advanced capabilities
The methods a modern attacker actually runs into.
Zero Trust architecture
Every request is authenticated and authorized on its own merits. Being “inside” the network grants nothing by itself.
mTLS · least privilege · microsegmentation
Extended detection & response
Endpoint, network, and cloud signals are correlated in one place, so a real attack stands out from the daily noise.
XDR · EDR · behavioural analytics
SIEM + SOAR automation
Centralized, tamper-evident logging with automated playbooks that contain threats in seconds, not hours.
log pipeline · auto-triage · runbooks
Passkeys & phishing-resistant MFA
Passwordless FIDO2 / WebAuthn and hardware keys — credentials that can’t be phished, replayed, or reused.
FIDO2 · WebAuthn · hardware tokens
Post-quantum cryptography
Crypto-agile, hybrid post-quantum key exchange — so traffic captured today can’t be decrypted by tomorrow’s computers.
ML-KEM (Kyber) · hybrid TLS · crypto-agility
Confidential computing
Sensitive data stays encrypted even while it is being processed, inside attested, hardware-isolated enclaves.
TEEs · encryption-in-use · attestation
Software supply-chain security
Every dependency scanned, every build signed, full provenance from source commit to running production.
SBOM · SLSA · Sigstore signing
Cloud-native runtime defense
Kernel-level (eBPF) runtime detection and cloud posture management catch drift and live threats inside containers.
eBPF · CNAPP · IaC scanning
Privileged access management
Just-in-time, time-boxed access to production — no standing admin rights, and every session is recorded.
JIT access · session recording · secrets vault
encryption
Encrypted in every state.
In transit
TLS 1.3 and mutual TLS between services, with perfect forward secrecy on every connection.
TLS 1.3 · mTLS · PFS
At rest
AES-256 on storage and backups, with keys held in a managed KMS / HSM and rotated on a schedule.
AES-256 · KMS / HSM · key rotation
In use
Confidential computing keeps data encrypted while it is being processed, inside attested hardware enclaves.
TEEs · enclaves · attestation
Quantum-ready. We deploy crypto-agile, hybrid post-quantum key exchange (ML-KEM) so encrypted traffic captured today cannot be quietly decrypted by tomorrow's hardware.
how the nintech platform is built
Identity & access
Role-based access throughout the portal; every admin action is permission-checked server-side on every request.
Session security
Session tokens are stored hashed (SHA-256), httpOnly, and expire automatically. Authentication is rate-limited.
Least-privilege ops
Fulfilment engineers get access scoped to the ticket at hand. Production credentials are never shared accounts.
Secure SDLC
Changes ship behind automated tests and dependency, secret, and static-analysis scanning before they reach production.
incident response
01
< 5 min
Detect
24/7 monitoring alarms on uptime, latency, backup health, and anomalous behaviour.
02
within SLA
Triage
A named engineer owns the incident, assesses blast radius, and opens your ticket with findings.
03
target < 4 hrs
Resolve
Fix, verify, and a written post-incident review in the same ticket thread.
data, residency & gdpr
Residency
Choose London, Frankfurt, or Virginia per server. UK/EU-only residency is available for regulated workloads.
Retention
Server data is retained until you cancel; we schedule shutdown with you and provide a final export before decommissioning.
UK GDPR
We act as processor for data on client infrastructure and align handling with UK GDPR. A DPA is available on request.
support tiers & slas
| Tier | Uptime target | First response | Escalation |
|---|---|---|---|
| VPS & Game | 99.9% | Next business day | Ticket escalation |
| GPU & Managed Scale | 99.95% | 4 business hours | Senior engineer |
| Managed Enterprise | 99.99% | 1 hour | Named engineer + phone bridge |
frameworks we map to
We describe our posture in the language auditors already use — mapped to recognised standards, with honest status on each.
Cyber Essentials Plus
UK government-backed baseline — certification in progress.
UK GDPR
Aligned data handling; a Data Processing Agreement is available on request.
ISO 27001
Information-security management system roadmap underway.
NIST CSF 2.0
Controls mapped across Govern, Identify, Protect, Detect, Respond, Recover.
CIS Controls v8
Prioritised safeguards implemented across the platform and fleet.
OWASP ASVS
Application Security Verification Standard applied to every build.
Responsible AI
Client AI systems ship behind evaluation gates, with human review points on consequential actions. We never train models on one client's data for another's benefit, and we document model behaviour and known limitations as part of every handover.
Vulnerability disclosure
Found something? Email security@nintech.io. We acknowledge within one business day, keep you informed through remediation, and credit researchers who report responsibly.