How Nexora keeps every customer's data, prompts, and traces isolated end-to-end.

Isolation by default

Tenants are isolated at the storage, compute, and network layers; we never train on customer data and every access is audited. Isolation is not a setting you opt into on Nexora — it is the default posture of the platform, enforced by the runtime rather than by convention.

How isolation is enforced

  • Storage: per-tenant encryption keys keep prompts, documents, and traces separated at rest.
  • Compute: agent runs execute in sandboxes scoped to a single tenant's resources.
  • Network: tool calls egress only to the destinations your policy allows.
  • Audit: every read and write is logged to an immutable trail you can export.

What this means for you

Your data stays yours: it is never used to train shared models, and it is never visible to another customer. Retention is configurable, deletion is honoured end-to-end, and the same guarantees hold whether you run on our cloud or in a dedicated deployment. Security teams can review the full audit trail without filing a ticket.