How we keep your data secure
We built Civic Nexus with security and data protection in mind from the beginning. Whether you’re using the Nexus Chat interface or connecting directly through our APIs, we apply the same security and privacy standards across every interaction.
Encryption and data protection
We encrypt all communications between your systems, Civic services, and any authorized third-party providers using industry-standard protocols. This ensures your data stays confidential and protected from unauthorized access.
Robust token and session handling
We manage all access tokens on your behalf, so you don’t need to handle token infrastructure yourself. Tokens are fully encrypted and never exposed to end users or other clients. You always control your authorizations. You can revoke access to connected services at any time, and those changes take effect immediately.
Isolated, temporary environments
When Civic Nexus processes a request or runs a tool, it does so in isolated, temporary computing environments. These environments exist only for the duration of the task and are automatically deleted once complete.
Controlled integrations
When you connect Civic Nexus to third-party tools or APIs, those integrations operate only under the permissions and credentials you provide. You decide what’s shared and with which services. We never access or transmit data beyond what you’ve authorized.
Infrastructure and access controls
We follow a zero-trust model: every request is authenticated and authorized, and system access is limited to only what’s needed. Our infrastructure is continuously monitored and maintained through vulnerability scanning, dependency management, and code reviews. Each MCP server is reviewed and monitored before being added to the Civic Nexus environment. We also conduct regular security audits and penetration testing, backed by 24/7 incident monitoring.
Independently certified under Google’s CASA program
We are certified under Google’s Cloud Application Security Assessment (CASA) Tier 2 program, giving you independent assurance that our platform meets rigorous, industry-standard security controls with no high-risk findings. This validation confirms that we protect your workflows and data to the highest standards.
Compliance
We design Civic Nexus to align with widely recognized security and privacy frameworks. For more information, see our legal disclosures.
