NexaLink processes billions in financial transactions. Our security, compliance, and privacy infrastructure is built to earn the trust of the world's most regulated institutions.
Independently audited, continuously monitored, and maintained by a dedicated security team. Download the latest reports directly.
| Certification | Status | Last Audit | Scope | Report |
|---|---|---|---|---|
|
SOC 2 Type II
AICPA Trust Services
|
Active | November 2025 | All platform services | Download |
|
PCI-DSS Level 1
Payment Card Industry
|
Active | September 2025 | Payment processing, card data | Download |
|
ISO 27001
Information Security Mgmt
|
Active | January 2026 | Global operations | Download |
|
GDPR
EU Data Protection
|
Compliant | Ongoing | EU customer data processing | DPA |
|
CCPA / CPRA
California Consumer Privacy
|
Compliant | Ongoing | US consumer data | Policy |
|
SOX Compliance
Sarbanes-Oxley
|
Compliant | October 2025 | Financial controls & reporting | Download |
Full audit reports are available under NDA. Request access
Multiple independent layers of security ensure that a breach of any single layer does not compromise the system.
Choose where your data lives. NexaLink supports full data residency requirements with region-locked processing and storage.
We collect only the data necessary to provide services. Customers control exactly which data points are accessed, and we support granular permissioning at the field level.
Data is processed in-region unless explicitly configured otherwise. Default retention is 90 days with configurable policies. Automated purging on account closure.
Full data export in standard formats (JSON, CSV). GDPR/CCPA deletion requests processed within 72 hours. Cryptographic erasure for all copies including backups.
Download pre-completed security questionnaires in standard formats. Our responses are reviewed and updated quarterly.
Shared Assessments Standard Information Gathering questionnaire (Lite version). 180+ questions pre-answered.
Complete SIG questionnaire covering all 18 risk domains, 800+ questions with comprehensive responses and evidence.
Cloud Security Alliance Consensus Assessment Initiative Questionnaire. Cloud-specific security controls documented.
Our comprehensive security whitepaper, architecture overview, and consolidated answers to the 50 most common questions.
Have a custom questionnaire? Our security team will complete it within 5 business days.
Submit Custom QuestionnaireReal-time visibility into our operational and security posture. Updated continuously, not just at audit time.
We know security reviews are the longest pole in the procurement tent. Our dedicated compliance team guarantees a 5-business-day turnaround on all security assessments.
Standard legal agreements pre-approved by our legal team. Download, review, and countersign — no negotiation required for standard terms.
Standard mutual non-disclosure agreement covering confidential information exchange during evaluation and partnership.
GDPR-compliant DPA with Standard Contractual Clauses (SCCs) and supplementary measures for cross-border transfers.
HIPAA-compliant BAA for customers handling protected health information (PHI) in financial health and insurance workflows.
Our compliance team is standing by. Get your security pack, schedule an architecture review, or submit your custom questionnaire today.