Security
Last updated: 29 April 2026 — v1
We treat the data you submit with care. This page describes how Nudgent is built today and what we are still working toward.
Data in transit
All traffic between your browser and Nudgent is encrypted with TLS 1.2 or higher. Internal traffic between Nudgent services and our sub-processors uses TLS as well.
Data at rest
Your account data, audit history, and captured screenshots are stored in Supabase. Supabase manages encryption at rest for the database and object storage. See supabase.com/security for their compliance posture (SOC 2 Type II, ISO 27001, HIPAA-eligible).
Authentication
User authentication is handled by Supabase Auth. Passwords are never stored in plaintext; they are hashed using a secure scheme. Sessions are managed via signed, HttpOnly cookies.
Data isolation
All user-scoped database tables enforce Row-Level Security. Audit data, account records, and stored screenshots are accessible only to the account that owns them and to Nudgent staff for support and quality review.
How URL captures work
When you submit a URL, Nudgent loads the page in an automated browser running in a serverless function. The capture takes a screenshot, extracts the structured DOM, and stores both in Supabase Storage tied to your audit. We do not log into accounts on your behalf, and we do not capture pages that require authentication.
Sub-processors
Nudgent operates on the following infrastructure. Each provider publishes its compliance posture:
- Anthropic — model provider for the analysis engine. trust.anthropic.com
- Vercel — application hosting and CDN. vercel.com/security
- Supabase — authentication, database, and object storage. supabase.com/security
- Resend — transactional email delivery. resend.com/legal/security
Reporting a vulnerability
If you find a security issue, please email hello@nudgent.com with details. We will respond within two business days. Please do not publish details until we have had a chance to address the issue.
On our roadmap, not yet in place
We are an early-stage product. The following are explicitly not in place today, and we do not claim them:
- SOC 2 Type II attestation
- Single sign-on (SAML / SCIM) for enterprise teams
- Dedicated audit-log retention beyond infrastructure defaults
- Customer-managed encryption keys
If your procurement process requires any of these and you are evaluating Nudgent for a paid plan, email hello@nudgent.com and we will share our timeline.
This is a v1 security overview. We will update it as our posture evolves.