Security Policy | NexNodo Legal

This Security Policy ("Security Policy") describes the security practices, operational safeguards, technical controls, and security principles implemented by NexNodo Inc. ("NexNodo", "we", "our", or "us") in connection with the NexNodo platform, infrastructure orchestration systems, Marketplace, APIs, cloud infrastructure services, AI infrastructure services, Kubernetes infrastructure, GPU infrastructure, MCP systems, and related products and services (collectively, the "Services").

This Security Policy is intended to provide Customers, Infrastructure Providers, Vendors, partners, and users with an overview of NexNodo's approach to security, operational integrity, infrastructure protection, and platform reliability.

This Security Policy does not create contractual guarantees, warranties, certifications, or binding security obligations unless explicitly stated in a separate written agreement executed by NexNodo.

1. Security Overview

NexNodo operates a distributed cloud infrastructure orchestration and marketplace platform enabling Customers to provision and manage compute infrastructure, GPU infrastructure, Kubernetes clusters, AI infrastructure, storage systems, Marketplace applications, AI workloads, MCP servers, and related cloud services through a unified orchestration environment.

NexNodo implements commercially reasonable administrative, technical, organizational, and operational safeguards intended to support the confidentiality, integrity, availability, and security of the Services and associated operational systems.

Because NexNodo operates a distributed infrastructure ecosystem involving independent Infrastructure Providers, Vendors, Marketplace applications, third-party integrations, AI systems, and Customer-managed workloads, Customers additionally remain responsible for securing their own workloads, applications, deployments, configurations, data, credentials, and infrastructure environments.

2. Shared Responsibility Model

Security within the NexNodo ecosystem operates under a shared responsibility model.

NexNodo is generally responsible for security of:

the NexNodo platform,
orchestration systems,
Marketplace infrastructure,
platform APIs,
account systems,
operational systems,
and NexNodo-controlled environments.

Customers remain responsible for security of:

Customer Workloads,
Kubernetes configurations,
AI agents,
MCP servers,
deployed applications,
datasets,
prompts,
generated outputs,
network policies,
encryption configurations,
API credentials,
access permissions,
storage environments,
backup management,
and Customer-managed infrastructure environments.

Infrastructure Providers remain responsible for physical infrastructure security, data center operations, networking infrastructure, hardware maintenance, environmental controls, and provider-controlled operational systems.

Marketplace Vendors remain responsible for security, maintenance, operational integrity, licensing compliance, and software behavior associated with Vendor-provided applications, integrations, connectors, AI systems, MCP servers, and related Marketplace offerings.

3. Administrative Security Controls

NexNodo maintains commercially reasonable administrative security practices intended to support operational security and platform integrity.

Administrative safeguards may include internal access management procedures, least-privilege principles, infrastructure change management, operational approval procedures, vendor management practices, security awareness processes, operational governance activities, incident response procedures, and security review processes.

Access to sensitive systems and operational environments is generally restricted to authorized personnel with a legitimate operational or business need for access.

4. Technical Security Measures

NexNodo implements commercially reasonable technical safeguards intended to protect platform operations, infrastructure integrity, APIs, orchestration systems, AI infrastructure systems, Marketplace functionality, and operational reliability.

Security measures may include:

encryption technologies,
authentication systems,
access controls,
infrastructure isolation,
network segmentation,
workload isolation mechanisms,
API security controls,
monitoring systems,
logging systems,
denial-of-service mitigation systems,
intrusion detection technologies,
abuse prevention systems,
infrastructure telemetry,
vulnerability management processes,
rate limiting systems,
operational alerting systems,
and security auditing processes.

5. Authentication and Access Management

NexNodo supports account authentication through email/password authentication, Google authentication, GitHub authentication, GitLab authentication, multi-factor authentication ("MFA"), two-factor authentication ("2FA"), and related identity providers or authentication systems supported by the Services.

Customers are responsible for maintaining credential confidentiality, protecting authentication devices, safeguarding MFA/2FA recovery methods, securing API keys, protecting authentication tokens, managing user access, implementing strong password practices, monitoring account activity, and maintaining appropriate access management practices associated with their Accounts and infrastructure environments.

Customers are strongly encouraged to enable MFA/2FA for all Accounts and administrative environments where available.

6. Infrastructure Security

NexNodo operates a distributed infrastructure orchestration model involving Infrastructure Providers, cloud providers, Marketplace systems, AI infrastructure systems, Kubernetes infrastructure, GPU infrastructure, and related operational environments.

NexNodo implements commercially reasonable infrastructure security measures intended to preserve platform integrity, isolate workloads, secure orchestration systems, protect APIs, maintain operational continuity, reduce abuse risks, and support operational stability.

Infrastructure availability and operational security may additionally depend on independent Infrastructure Providers, Vendors, cloud providers, network operators, and third-party systems outside NexNodo's direct operational control.

7. AI Infrastructure Security

NexNodo may provide AI-related infrastructure services including GPU inference environments, LLM deployment systems, AI orchestration environments, AI agents, MCP integrations, vector databases, automation systems, inference APIs, and related AI infrastructure functionality.

NexNodo may implement operational safeguards intended to protect AI infrastructure, preserve GPU availability, monitor abuse, secure orchestration systems, detect malicious workloads, maintain infrastructure integrity, enforce operational limitations, and support responsible AI operations.

Customers remain solely responsible for prompts, datasets, generated outputs, AI agent behavior, automation workflows, MCP integrations, model behavior, and AI-related operational risks associated with Customer workloads.

8. Monitoring and Logging

NexNodo may monitor, log, collect, analyze, and retain operational telemetry and infrastructure activity relating to use of the Services for purposes including platform security, infrastructure protection, abuse prevention, operational diagnostics, fraud detection, incident response, system reliability, performance optimization, Marketplace operations, AI infrastructure protection, legal compliance, and operational analytics.

9. Vulnerability Management

NexNodo maintains commercially reasonable vulnerability management and security review practices intended to identify, assess, prioritize, mitigate, and remediate vulnerabilities affecting NexNodo-controlled systems.

Security activities may include vulnerability assessments, infrastructure reviews, dependency monitoring, software updates, patch management, penetration testing, infrastructure maintenance, security audits, operational security analysis, and coordinated vulnerability disclosure processes.

Security researchers may report vulnerabilities in accordance with the NexNodo Vulnerability Disclosure Policy.

10. Incident Response

NexNodo maintains incident response processes intended to support investigation, containment, mitigation, remediation, and recovery relating to security incidents affecting NexNodo-controlled systems.

Incident response activities may include infrastructure isolation, operational investigation, forensic analysis, remediation activities, workload restrictions, Vendor coordination, Infrastructure Provider coordination, customer notifications, legal review, and law enforcement cooperation where appropriate.

11. Encryption and Data Protection

NexNodo may use encryption technologies and related security measures intended to protect information in transit and at rest where commercially reasonable and operationally appropriate.

Customers remain responsible for securing sensitive data, implementing encryption practices, managing encryption keys, protecting Customer Workloads, securing datasets, and implementing appropriate security controls for Customer-managed environments.

12. Marketplace and Third-Party Services

NexNodo does not control and is not responsible for the security practices, operational controls, infrastructure integrity, software behavior, or data handling activities of independent third parties outside NexNodo's operational control.

Customers should independently evaluate the security, reliability, operational practices, and compliance posture of Marketplace applications, Vendors, Infrastructure Providers, and third-party integrations before use.

13. Customer Security Responsibilities

Customers remain responsible for securing workloads, protecting credentials, managing user access, configuring Kubernetes security, implementing network policies, securing APIs, managing encryption keys, implementing backup systems, maintaining disaster recovery procedures, validating AI-generated outputs, monitoring AI agents, reviewing Marketplace applications, and maintaining appropriate operational security controls associated with Customer environments.

Customers additionally remain responsible for compliance with applicable privacy laws, cybersecurity laws, export regulations, AI regulations, industry standards, contractual obligations, and internal compliance requirements.

14. Vulnerability Disclosure

NexNodo encourages responsible disclosure of security vulnerabilities affecting NexNodo-controlled systems. Security vulnerabilities may be reported in accordance with the NexNodo Vulnerability Disclosure Policy available through the NexNodo website.

15. No Warranty

While NexNodo implements commercially reasonable safeguards intended to support the security and reliability of the Services, no infrastructure environment, cloud platform, Marketplace ecosystem, AI system, network, software environment, or operational system can guarantee absolute security, uninterrupted availability, or protection against all threats or vulnerabilities.

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND.

NexNodo does not warrant that the Services will be secure, that vulnerabilities will never occur, that attacks will never happen, that security incidents will never occur, or that Customer Workloads will remain immune from unauthorized access or compromise.

16. Changes to this Security Policy

NexNodo may revise, update, amend, or modify this Security Policy from time to time to reflect changes in legal requirements, infrastructure architecture, operational practices, Marketplace functionality, AI-related services, security technologies, or business operations.

Updated versions will be posted on the NexNodo website with revised effective dates.

Continued use of the Services following publication of revised policies constitutes acceptance of the updated Security Policy.

17. Contact Information

Security-related inquiries may be directed to: support@nexnodo.com

Vulnerability reports may be submitted in accordance with the NexNodo Vulnerability Disclosure Policy.

General legal inquiries: support@nexnodo.com

NexNodo Inc.
2810 N Church St
STE 88715
Wilmington, DE 19802
United States

Website: https://www.nexnodo.com