Nexogen AI
Encryption & Security
Enterprise-grade encryption protecting your data at rest and in transit across all platforms
Security Status: EXCELLENT
Your application is fully secured with industry-leading encryption standards
Encryption at Rest
All sensitive data is encrypted before storage using AES-GCM 256-bit encryption
Database Encryption
- AES-GCM 256-bit encryption
- PBKDF2 key derivation (100,000 iterations)
- Unique salt and IV for each encryption
- Client-side encryption before storage
File Storage Encryption
- Audio files encrypted before upload
- Metadata encryption included
- Secure key generation per user
- Local storage encryption (mobile)
Encryption in Transit
TLS 1.3 encryption for all communications with secure cipher suites
Backend Services
TLS 1.3All API endpoints
RSA 4096-bitCertificate keys
AES-GCMCipher suites
CHACHA20Alternative ciphers
Frontend & Mobile
- HTTPS-only communications
- Secure WebSocket connections
- Certificate pinning support
- CORS security headers
SSL/TLS Certificates
Enterprise-grade certificates for all backend services
Main Backend
✅ cert.pem
✅ key.pem
✅ chain.pem
Notes Service
✅ cert.pem
✅ key.pem
✅ fullchain.pem
Summary Service
✅ cert.pem
✅ key.pem
✅ chain.pem
✅ fullchain.pem
Certificate Specifications
Algorithm: RSA 4096-bit
Valid Period: 1 year
Subject: transcrib.local
Key Usage: Digital signature, Key encipherment
Valid Period: 1 year
Subject: transcrib.local
Key Usage: Digital signature, Key encipherment
Extended Key Usage: Server & Client auth
SANs: localhost, *.transcrib.local
Signature: SHA-256
Compliance: TLS 1.3
SANs: localhost, *.transcrib.local
Signature: SHA-256
Compliance: TLS 1.3
Security Headers & Configuration
Comprehensive security headers and configurations protecting your application
HTTP Security Headers
HSTSStrict-Transport-Security: max-age=31536000
CSPContent-Security-Policy
X-Frame-OptionsDENY
X-Content-Type-Optionsnosniff
Referrer-Policystrict-origin-when-cross-origin
CORS Configuration
Allowed origins: nexogen.app, localhost
Credentials: true
Methods: GET, POST, PUT, DELETE, OPTIONS
Headers: Content-Type, Authorization, X-Request-ID
Input Validation & Security
Comprehensive input validation and security measures
Audio File Validation
- Maximum file size: 100MB
- Maximum duration: 1 hour
- Allowed formats: WAV, MP3, M4A, FLAC, OGG, WEBM
- Base64 validation
Text Input Validation
- Maximum length: 100KB
- XSS protection
- Script injection prevention
- Rate limiting: 100 requests/hour
Compliance & Standards
Meeting industry security standards and compliance requirements
TLS 1.3
Latest TLS standard with perfect forward secrecy
AES-GCM
Authenticated encryption with 256-bit keys
PBKDF2
100,000 iterations for key derivation
Security Best Practices
How we maintain the highest security standards
For Users
- • Use strong, unique passwords
- • Enable two-factor authentication when available
- • Keep your encryption keys secure
- • Regularly update your applications
- • Use HTTPS connections only
For Developers
- • All data encrypted before storage
- • TLS 1.3 for all communications
- • Input validation on all endpoints
- • Rate limiting to prevent abuse
- • Regular security audits