Security review contact
Ask architecture, controls, and rollout questions.
Trust center
A security model designed to keep readable customer content out of the service path.
NexFade protects sensitive files and notes while keeping the workflow reviewable and operable.
Architecture and operations
The security boundary is narrow on purpose.
The service is designed to handle the secure-link workflow while storing only the metadata needed for operation.
Service boundary
Readable contents stay outside the normal service path
Files and notes are protected in the browser before upload. The service is designed to run the workflow without storing the readable customer document in normal operation.
Recipient flow
Recipient access is designed around intent
Recipient pages explain link state and wait for deliberate action before requesting the protected payload, which helps avoid accidental one-time consumption from previews or background fetches.
Operations
Operational safeguards stay focused
Rate limits, narrow logs, provider-managed secrets, security headers, and cleanup routines support the platform without unnecessary ceremony.
Review posture
Security review posture stays explicit
SOC 2 Type II is in progress, and NexFade is structured to support GDPR and privacy review with direct answers about stored data, lifecycle handling, and operational boundaries.
What the service still needs
Workspace ownership, lifecycle state, billing records, encrypted object references, and limited abuse-control signals needed to run the platform responsibly.
What the service is designed to avoid
Readable file or note contents, plus the fragment needed to reconstruct them later on the server side.
Reviewer intake
Built for security, IT, and firewall review.
NexFade is secure-link software for sensitive files and notes — not an anonymous file host or bulk-mail service.
Abuse and phishing reports
Send misuse, impersonation, or phishing reports here. Include the affected URL, screenshots, and any firewall or browser warning text.
FAQ
Questions security reviewers usually ask.
Can NexFade recover contents if a link fragment is lost?
No. The design intentionally keeps the decryption fragment out of server-side storage and request handling.
What metadata does the platform still need?
Workspace ownership, billing state, expiration details, lifecycle status, encrypted object references, and limited abuse-control signals needed to operate responsibly.
Is one-time access only a UX convention?
No. The lifecycle logic enforces one-time behavior after a successful intentional open, while the recipient flow is designed to avoid unnecessary accidental burns.
What is the current compliance posture?
NexFade can support privacy and security review directly, including questions about stored data, lifecycle handling, and the formal review path.
What does review support look like in practice?
Security, IT, and procurement teams can route questions directly to NexFade for architecture, data-handling, rollout, and trust-boundary answers.
Security review
Bring NexFade into review for direct answers.
We answer architecture, controls, and rollout questions directly.
Direct review path
Contact the security desk.
Ask about architecture, lifecycle controls, operational posture, rollout fit, or how to route a formal security review.