Skip to content

Security

How we protect your data. No hand-waving — here's exactly what we do and where we are.

Novyx handles your agents' memory. That means we take data security seriously from day one. Here's what's in place today and what's coming.

Encryption at rest and in transit

All data is encrypted at rest using AES-256 via Supabase-managed Postgres. All API traffic is TLS 1.2+ encrypted in transit. No plaintext, ever.

HMAC-signed API keys

Every API key is generated with HMAC-SHA256 signing. Keys are hashed before storage — we never store your raw key. Revoke and rotate instantly from the dashboard.

Cryptographic audit trail

Every memory operation is SHA-256 hashed and timestamped. The audit chain is append-only and tamper-evident. Export logs for compliance at any time.

Supabase + Postgres backend

Built on Supabase with managed Postgres — battle-tested infrastructure with automatic backups, point-in-time recovery, and row-level security. No custom database experiments.

Audit on every operation

Every API call — store, recall, rollback, delete — is logged with a timestamp, operation type, and cryptographic hash. Nothing happens in the dark.

SOC 2 compliance — planned

We are actively working toward SOC 2 Type II compliance. We take this seriously and will announce certification when it is complete. We are not there yet — we are being honest about that.

Where we are, honestly

Novyx is a bootstrapped product built by a solo founder. We are not a large enterprise with a dedicated security team — yet. But we've made deliberate infrastructure choices to keep your data safe from the start.

We use Supabase's managed Postgres with automatic daily backups and point-in-time recovery. API keys are HMAC-signed and hashed before storage. Every memory operation produces a cryptographic audit record. All traffic is encrypted in transit with TLS 1.2+.

SOC 2 Type II certification is on our roadmap. We're building the internal controls and documentation now. When it's done, we'll announce it. Until then, we won't claim it.

Questions about security? Email support@novyxlabs.com.