How Nexora keeps every customer's data, prompts, and traces isolated end-to-end.
Isolation by default
Tenants are isolated at the storage, compute, and network layers; we never train on customer data and every access is audited. Isolation is not a setting you opt into on Nexora — it is the default posture of the platform, enforced by the runtime rather than by convention.
How isolation is enforced
- Storage: per-tenant encryption keys keep prompts, documents, and traces separated at rest.
- Compute: agent runs execute in sandboxes scoped to a single tenant's resources.
- Network: tool calls egress only to the destinations your policy allows.
- Audit: every read and write is logged to an immutable trail you can export.
What this means for you
Your data stays yours: it is never used to train shared models, and it is never visible to another customer. Retention is configurable, deletion is honoured end-to-end, and the same guarantees hold whether you run on our cloud or in a dedicated deployment. Security teams can review the full audit trail without filing a ticket.
