Built for data your team cannot afford to leak.
Nekroi handles sensitive investigative data by design. Security is not a feature we added, it is a constraint on how the whole platform is built.
Identity and access
Every account is provisioned by an administrator, there is no public sign up. Multi factor authentication is required for administrative roles. Sessions are short lived, revocable at any time, and never carry authorization state that a client could tamper with.
Role and classification based access control
Access is enforced at the role level, the individual object level, and the property level. Classified data is filtered out of search results, graph views, and exports before it ever reaches a user without the clearance to see it.
Encryption
Data is encrypted in transit everywhere. At rest, storage is encrypted by the platform, and the most sensitive individual values are additionally encrypted at the application layer.
Audit logging
Every read, write, search, view, and action is recorded with the user, timestamp, and target. The audit log is append only: once written, an entry cannot be altered or deleted.
Network and application defenses
Web application firewall rules, bot management, and rate limiting sit in front of the platform. Behind them, every request is independently verified by the application itself, so the platform does not depend on any single layer to stay closed to unauthenticated access.
Separation by design
This marketing site and the Nekroi platform are built and deployed as entirely separate services with separate infrastructure. This site holds no customer data and has no path to reach any.
Where we are today.
Nekroi is architected around the practices described above from the ground up. We do not currently hold a SOC 2 or similar third party certification. This page will be updated as that work completes and reports become available. If your organization needs specific documentation to evaluate us, contact us and we will work through it directly.