Trust Center
Overview
This page is the single reference point for anyone evaluating Noxys from a security, privacy, or compliance perspective — CISOs running vendor due diligence, procurement teams filling security questionnaires, or auditors requesting evidence. It is maintained as a factual record, not a marketing document. When an item is not yet in place, it is stated explicitly with a target timeframe.
The Trust Center is reviewed and updated at least once per quarter, and whenever a material change occurs (new sub-processor, new certification, new region, incident disclosure). For artefacts not published here — for example a signed DPA, SOC 2 gap analysis, or penetration test report — write to security@noxys.eu. Requests are acknowledged within one business day.
Security principles
These principles are non-negotiable commitments built into the product architecture. They are the same across Cloud and self-hosted deployments.
- Privacy by design. Raw prompt content never leaves the browser extension in plaintext. The backend only receives SHA-256 hashes, PII classifications, and metadata (user, platform, tenant, timestamp). There is no code path on the server that can reconstruct the original prompt from what it stores.
- Sovereignty first. Noxys Cloud runs on EU infrastructure by default, operated by an EU-owned provider. There are no mandatory US cloud dependencies. Customers subject to sovereignty constraints can self-host entirely within their own infrastructure.
- Cloud-agnostic Kubernetes deployment. The platform is packaged as a Helm chart and a Docker Compose bundle. It runs on any conformant Kubernetes distribution — managed or on-premise — without vendor lock-in.
- Deterministic fallback. Noxys uses machine learning for detection (Tier 2 and Tier 3 classifiers), but it is never AI-dependent. If every ML component is unavailable, the Tier 1 regex engine in the extension still enforces policies. A degraded classifier never produces a silent failure.
- Separation of concerns. The policy engine evaluates classifications and metadata only; it has no knowledge of specific AI platform internals. Adding or removing a platform does not touch policy code, and policy changes cannot corrupt platform integrations.
Data processing and storage
The table below lists every category of data Noxys handles, with retention, storage region, encryption state, and access controls. Retention values marked "default" are configurable per tenant.
| Data category | What it contains | Retention | Location | Encryption | Access |
|---|---|---|---|---|---|
| Prompt content (raw) | The text a user submits to an AI platform | Never stored. SHA-256 hash only | N/A | Hash is one-way | N/A |
| PII classifications | Detection results, tier, entity types, risk score — no raw values | 90 days (default) | EU (Scaleway FR) | TLS 1.3 in transit, AES-256 at rest | Tenant-scoped, RBAC |
| User identity | Email, display name, role, tenant ID | Lifetime of account + 30 days | EU (Scaleway FR) | bcrypt for passwords, AES-256 at rest | Tenant-scoped, RBAC |
| Audit log (AIInteraction records) | Decision metadata — who, when, platform, policy action, classification | 2 years (default, configurable) | EU (Scaleway FR) | AES-256 at rest | Tenant-scoped, Admin only |
| Billing data | Subscription plan, invoice metadata. No card data. | Lifetime of account + 7 years (legal) | Stripe (US) + EU mirror for invoices | TLS 1.3, Stripe PCI DSS Level 1 | Finance role |
| Backups | Encrypted snapshots of PostgreSQL and object storage | 30 days rolling | EU only | AES-256 | SRE on-call, break-glass audit |
| Operational logs | Application and infrastructure logs (no prompt content, no PII bodies) | 30 days | EU (Scaleway FR) | TLS 1.3, AES-256 at rest | SRE, audited |
Further detail on the classification pipeline and hashing scheme is available in Data handling and privacy.
Infrastructure and hosting
Noxys Cloud runs on a dedicated Kubernetes cluster hosted with Scaleway, the EU-owned cloud operator (Iliad group, French jurisdiction). Primary region is Paris (fr-par), with secondary availability in Amsterdam (nl-ams) for failover and regional isolation.
- Kubernetes-native. All services are deployed as Helm charts. A self-host Helm release and a Docker Compose bundle are published for customers who need full control.
- No hardcoded cloud dependencies. The platform uses only portable primitives — Kubernetes, PostgreSQL, Redis/Valkey, S3-compatible object storage. Replacing any one of these does not require application changes.
- Redis licensing. Current deployments use Redis under its standard distribution terms. If a licensing constraint arises, the platform is compatible with Valkey (BSD license, fully API-compatible) as a drop-in replacement.
- Container supply chain. All images are published to GitHub Container Registry (GHCR) and signed with Cosign. Deployment manifests verify signatures before admitting images to the cluster, which closes the image-substitution attack class.
- Network isolation. Application services run in private subnets behind a hardened ingress. Only the ingress, the authentication endpoints, and the public API are exposed publicly.
See Architecture overview for a component-level diagram.
Compliance and certifications
| Framework | Status | Notes |
|---|---|---|
| GDPR | In place | DPA template, records of processing, sub-processor list, data subject request workflow |
| EU AI Act (Reg. 2024/1689) | In place | Article-by-article mapping below |
| SOC 2 Type II | Planned — 2026-Q4 | Pre-audit controls implemented. Auditor selection in progress. Gap analysis available on request. |
| ISO 27001 | Roadmap | Gap analysis planned 2026-Q3. Certification target 2027. |
| NIS2 | Supportive controls in place | Customers in scope can meet NIS2 obligations when using Noxys; Noxys itself is not currently a designated essential entity. |
| HDS (French Health Data Host) | Out of scope for current version. Planned Phase 2 — no date committed. | Required only for health data workloads. |
| HIPAA / HITRUST | Not in scope. Planned Phase 2 if US healthcare demand materialises. | No BAA currently available. |
| PCI DSS | Not applicable directly — Stripe handles all card data. | Noxys operates at minimum PCI scope (SAQ-A). |
EU AI Act coverage
Noxys supports the following articles of Regulation 2024/1689. The full compliance mapping is in Compliance mapping.
| Article | Topic | How Noxys helps |
|---|---|---|
| Article 4 | AI literacy | Admin and user documentation, in-product guidance via the Coach action |
| Article 9 | Risk management for high-risk systems | Risk scoring per interaction, tiered classification pipeline |
| Article 10 | Data governance | PII classification metadata, data minimisation (hash-only storage) |
| Article 13 | Transparency to deployers | Audit log, classification details, platform identification |
| Article 14 | Human oversight | Admin dashboards, alerts, policy override, Coach interactions |
| Article 15 | Accuracy, robustness, cybersecurity | Deterministic Tier 1 fallback, classifier versioning, signed images |
| Article 16 | Obligations of providers | DPA, processing records, sub-processor disclosure |
| Article 17 | Quality management system | Documented development and release process, change management |
Sub-processors
Noxys maintains a current list of all third parties that process customer data or metadata. Customers are notified at least 30 days before any addition or change. The authoritative list is available to existing customers in the admin console; the table below reflects the current state.
| Sub-processor | Purpose | Region | DPA | Exit plan |
|---|---|---|---|---|
| Scaleway SAS | Primary hosting (compute, storage, managed Postgres) | France (EU) | Signed, EU SCCs included | Any Kubernetes cluster — Helm chart portable |
| PostgreSQL (Scaleway managed) | Primary datastore | France (EU) | Covered by Scaleway DPA | Standard PostgreSQL — dump/restore to any provider |
| Stripe Payments Europe, Ltd. | Subscription billing and invoicing | Ireland (EU entity) with US parent | Signed, EU SCCs included | Replaceable with EU billing provider (Lemon Squeezy EU, Paddle) — work not yet started, tracked on Phase 2 roadmap |
| Cloudflare, Inc. | Optional edge, WAF, DDoS mitigation | Customer-selectable; EU-only data residency available | Signed, EU SCCs included | Fully optional — can be disabled per tenant, ingress falls back to direct Scaleway load balancer |
| Resend / Postmark (transactional email) | Security notifications, account emails | EU region | Signed, EU SCCs included | Swappable SMTP backend |
| Sentry (self-hosted or EU tenant) | Error monitoring — scrubbed, no PII bodies | EU (self-hosted option) | Signed | Removable; structured logs sufficient for operations |
Stripe is currently retained despite its US parent because (a) the EU Stripe entity is the contractual counterparty, (b) no card or full PAN data is ever transmitted to or stored by Noxys, and (c) the available fully-EU alternatives do not yet match the required integration surface. This is revisited each quarter.
Cryptography
| Area | Scheme |
|---|---|
| Data in transit | TLS 1.3 end-to-end, HSTS preloaded, no TLS 1.0/1.1, no RSA key exchange, no downgrade negotiated |
| Public endpoints | Ed25519 / ECDSA P-256 server certificates, automated renewal |
| Data at rest (Postgres) | Encrypted volumes (AES-256) at the storage layer |
| Backups | AES-256, encrypted before leaving the primary region |
| Prompt fingerprinting | SHA-256, one-way, not reversible |
| Passwords | bcrypt with modern cost factor (reviewed annually) |
| Extension local storage | Auth tokens encrypted with AES-256-GCM via native browser WebCrypto. Plaintext tokens are never written to disk. |
| SAML SP private keys | PEM files on disk by default. See the SAML Key Hardening Guide for operator controls. Medium-term roadmap: KMS-backed storage via SAMLKeyProvider interface. |
| Session tokens | Short-lived JWT access tokens, refresh tokens with server-side revocation blacklist |
Access control and identity
- RBAC. Two built-in roles: Admin (manage users, policies, integrations, audit log) and Viewer (read-only dashboards and audit log). Tenant scoping is enforced at the data layer, not only at the API layer.
- SSO — OIDC. Available today. Any OIDC-compliant identity provider can be used (Entra ID, Okta, Keycloak, Google Workspace).
- SSO — SAML 2.0. Available today via a standards-compliant SAML library. Supports signed assertions, signed requests, and encrypted assertions.
- MFA. TOTP available today. Phishing-resistant authentication (WebAuthn / passkeys) is on the roadmap.
- Session management. JWT access tokens with short TTL, refresh tokens with revocation blacklist, forced logout on password change and role change.
- Administrative access. Noxys personnel access to production is break-glass only, logged, and reviewed monthly.
Security operations
- Vulnerability management. Dependencies are monitored continuously via Dependabot and equivalent tooling on the container images. Remediation SLAs: Critical within 7 days, High within 30 days, Medium within 60 days, Low opportunistically.
- Incident response. Documented runbook with on-call rotation. Customer notification of any confirmed personal data breach within 72 hours (GDPR Article 33), via email to the account admin and a status post on the Trust Center.
- Penetration testing. Planned — first external penetration test scheduled 2026-Q3, not yet completed. Internal security review and SAST run on every release.
- Bug bounty. No formal programme yet. security@noxys.eu is monitored and acknowledged within one business day. See Responsible disclosure for the safe harbour and coordinated disclosure terms.
- Change management. All production changes are code-reviewed by at least two engineers, tested in a staging environment, and deployed via reproducible CI pipelines.
- Monitoring. Application metrics, security events, and infrastructure health are continuously monitored. Alerts route to on-call.
AI-specific risks and controls
This is where Noxys differs from a generic SaaS. The controls below address the risks that a traditional CASB or DLP cannot cover for generative AI.
Tiered classification pipeline
| Tier | Where it runs | What it sees | Typical latency | Purpose |
|---|---|---|---|---|
| Tier 1 | In the browser extension | Raw prompt (never leaves the machine) | < 10 ms | Regex and heuristic detection — emails, card patterns, secrets, API keys |
| Tier 2 | Backend classifier service | PII spans and classifications from Tier 1 — not raw prompt | 50–150 ms | Presidio-based entity recognition, policy decision |
| Tier 3 | Backend, async | Metadata + classifications | Async, seconds | Higher-accuracy small language model re-scoring, anti-prompt-injection (DeBERTa, on the roadmap) |
Tier 1 is the only component that ever sees the raw prompt. Tiers 2 and 3 receive only hashes and structured classifications.
Policy actions
The policy engine supports four actions. All four are first-class and capitalised consistently throughout the product and documentation.
- Block. Submission is prevented. User receives an explanation in the extension.
- Coach. Submission proceeds, but the user is shown an educational prompt explaining the risk before sending.
- Log. Silent audit only. Useful for baseline discovery phases.
- Redact. PII is replaced with a placeholder in the browser before submission. The raw values never leave the machine and never reach either the AI platform or the Noxys backend. This is the zero-friction default recommended for most production rollouts — it protects data without blocking the user's workflow.
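An added example, not Noxys code, of the flow described above: Tier 1 style regex detection, the Redact action, and a backend record that carries only a SHA-256 hash, entity types and metadata. The patterns, placeholder format and field names are assumptions, and Node's `crypto` module stands in for the browser's WebCrypto so the example runs offline.

```javascript
// Added illustration: patterns, placeholder format and field names are assumptions.
const { createHash } = require("node:crypto");

// Tier 1 style detectors: regex, plus a heuristic where regex alone over-matches.
const DETECTORS = [
  { type: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g, check: luhnValid },
  { type: "API_KEY", re: /\bsk_[A-Za-z0-9]{16,}\b/g }, // hypothetical key format
];

// Luhn checksum rejects digit runs (order numbers, IDs) that are not card numbers.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, "").split("").reverse().map(Number);
  const sum = digits.reduce(
    (acc, d, i) => acc + (i % 2 ? (d * 2 > 9 ? d * 2 - 9 : d * 2) : d), 0);
  return sum % 10 === 0;
}

// Returns spans sorted by position: { type, start, end }. Raw values are not kept.
function detect(prompt) {
  const spans = [];
  for (const { type, re, check } of DETECTORS) {
    for (const m of prompt.matchAll(re)) {
      if (check && !check(m[0])) continue;
      spans.push({ type, start: m.index, end: m.index + m[0].length });
    }
  }
  return spans.sort((a, b) => a.start - b.start);
}

// Redact action: swap each span for a typed placeholder before submission.
function redact(prompt, spans) {
  let out = "", pos = 0;
  for (const s of spans) {
    if (s.start < pos) continue; // skip a match overlapping one already replaced
    out += prompt.slice(pos, s.start) + `[${s.type}]`;
    pos = s.end;
  }
  return out + prompt.slice(pos);
}

// Record for the backend: one-way hash, entity types, metadata. No prompt text.
function buildRecord(prompt, spans, meta) {
  const promptSha256 = createHash("sha256").update(prompt, "utf8").digest("hex");
  return { promptSha256, entities: spans.map((s) => s.type), ...meta };
}
```

The Luhn check is what keeps a 16-digit order number from being redacted as a card; only the output of `redact` would go to the AI platform and only the output of `buildRecord` to the backend.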
Additional controls
- Default-deny for unknown AI services. An optional tenant policy that blocks any AI platform not on the approved list.
- Anti-prompt-injection. Planned as part of Tier 3 (DeBERTa classifier). Not yet shipped.
- Documented limitation — out-of-band exfiltration. Noxys gates the browser interaction between a user and an AI platform. It does not intercept API-level traffic from unmanaged applications, and it does not cover data exfiltration paths that bypass the browser (e.g. a user pasting data into a desktop AI client). This is an explicit scope boundary, not a bug. Customers with stricter requirements should layer Noxys with network-level controls.
Artefacts available on request
The following artefacts are maintained and released to qualified customers and prospects. Unless marked otherwise, NDA is required.
| Artefact | Availability | NDA required |
|---|---|---|
| Security whitepaper | Available | No |
| Architecture diagram (procurement version) | Available | No |
| DPA template | Available | No |
| Sub-processor list with change notification subscription | Available | No |
| Security questionnaire responses (CAIQ, SIG Lite) | Available | Yes |
| SOC 2 gap analysis | Available once auditor engagement starts | Yes |
| SOC 2 Type II report | Planned 2026-Q4 — not yet available | Yes (when available) |
| Penetration test report | Planned 2026-Q3 — not yet available | Yes (when available) |
| Business continuity and disaster recovery plan | Available | Yes |
| Vulnerability management policy | Available | Yes |
Request artefacts by writing to security@noxys.eu from a verifiable corporate domain.
Contact
- Security issues, disclosures, artefact requests — security@noxys.eu
- Product support — support@noxys.eu
- General inquiries — contact@noxys.eu
For coordinated vulnerability disclosure terms and safe harbour, see Responsible disclosure.