Skip to main content

Are documents and queries sent to third-party LLMs?

Yes, however you can configure only the LLM providers of your choice or connect Nexus to a self-hosted LLM.

Is any data used for model training?

There is no training or fine tuning of any models.

Where is my data stored?

Data storage location depends on your deployment choice. See the Data Storage page for more information.

Does Nexus have access to my data?

For self-hosted deployments, the Nexus team does not receive any of your team’s data. There is aggregated telemetry but this can also be turned off.

Does the app support SSO (SAML, OIDC, SCIM)?

SAML and OIDC are supported as part of the Community and Enterprise Editions of Nexus. SCIM is on the roadmap, please check with the team on the latest status.

What encryption standards does Nexus use?

Nexus Cloud uses AES-256-GCM for data at rest and TLS 1.3 for data in transit. For Self-hosted, the admin deploying the system is responsible for configuring these.

What is Nexus’s security incident notification process?

Security incidents are communicated to customers according to severity and impact, with detailed incident reports and remediation steps provided. For Community Edition users, incidents are shared via our standard community channels (Slack, Discord, Mailing-list)

Does the vendor cache, index, or replicate internal documents?

Yes, this indexing is required to provide the reliable context retrieval that is key to many core user flows.

How often are penetration tests performed? Are results available?

Penetration tests are done yearly and results are sharable upon execution of an NDA. Similarly, container scans are run regularly and results are available.

What compliance standards does Nexus meet?

Nexus is SOC2 Type II and GDPR compliant.