What you can tell your security team.

Compute runs on Vercel pinned to syd1. The database runs on Neon in aws-ap-southeast-2. Object storage runs on Cloudflare R2 with the APAC location group. Every API call, every scheduled job, every database query happens in Australia.

The exception is the AI extraction step. Our model provider doesn’t expose an Australian endpoint yet, so prompts hit a US region. Before that happens, every prompt is run through pattern-based redaction inside Australia. Anything classified above OFFICIAL is gated entirely; the AI step is skipped on classified content. The day an Australian endpoint becomes available, we switch by setting an alternate base URL.

• ComputeVercel · syd1
• DatabaseNeon · aws-ap-southeast-2
• Object storageCloudflare R2 · APAC
• AI extractionUS region (PII redacted before send)

The Postgres database is encrypted with AES-256 via AWS KMS, key-managed by Neon. The R2 buckets are encrypted server-side with AES-256, key-managed by Cloudflare. Backups inherit the same encryption.

Application-layer signing keys are wrapped with a separate key-encryption key that lives only in the runtime environment. The wrapped keys never leave the database; the wrapping key never reaches the database. NextAuth session cookies are signed and encrypted, set httpOnly + secure.

Customer-managed keys (CMK) and HSM-backed signing aren’t available on our current Neon and R2 plans; if your security review requires either, we’ll talk you through the upgrade path during procurement.

TLS 1.2 or higher on every public endpoint, including the database connection from Vercel to Neon and the R2 endpoint. HSTS is set with a one-year max-age and includeSubDomains.

There is no HTTP path on the production domain; an HTTP request lands a 308 to HTTPS before any route logic runs.

Every API route runs an authentication check. Every project-scoped route additionally checks that the user is a member of the project the request is about. Super-admin reads (used for support) require a separate gate and are logged.

Access to a Nebula-managed agreement is bounded by membership of the project that owns it. Counterparty access flows through invitation; revoking access removes future visibility immediately and is recorded in the audit trail.

Single sign-on, SCIM provisioning, and per-user clearance enforcement on classified content are not yet available. The clearance metadata is recorded on every commitment that is classified; per-user gating is the next step and is buyer-driven.

Every API request is recorded to an access log: who called, what route, what status, when, with the IP address hashed (raw IP is never stored). The access log retains for ninety days.

Every state change on every agreement is recorded to an activity log: which item, what changed, who changed it, when, and (where applicable) the chain anchor that proves it. The activity log retains indefinitely; that’s the audit trail you export when your auditor or counterparty asks.

Every export, every login, every right-to-erasure request lands in its own log. Sensitive log access is itself logged.

Pattern-based redaction strips Australian phone numbers, ABNs, ACNs, email addresses, TFNs, Medicare numbers, and driver’s licence numbers before any AI call. The model never sees the raw values; a round-trip helper restores them when the response comes back.

Customer documents and the structured data we extract from them are never used to train any AI model. Anthropic, our model provider, contracts to the same posture.

Account closure schedules a real right-to-erasure with a thirty-day grace period. Cancel before the grace expires and your data stays. Past the grace, customer-controlled data is deleted; the anchored proof chain stays intact (only the hashes are on the chains, never the content).

Every commitment recorded in Nebula carries a classification field with four levels: UNCLASSIFIED, OFFICIAL, OFFICIAL: SENSITIVE, and PROTECTED. The default is UNCLASSIFIED.

OFFICIAL: SENSITIVE and below run on the standard infrastructure with the AI step gated. PROTECTED is supported at the data-model level (the column exists, the badge renders, the AI step is gated) and is buyer-deal-specific for full deployment, including network segregation, write-once audit log, and per-user clearance enforcement.

Defence, commonwealth, and infrastructure industry packs add the validators and relationship types that match how those sectors actually run.

We map our controls to the AICPA Trust Services Criteria internally. The architecture (access control, audit logging, encryption, integrity controls, processing integrity, anti-gaming detection, right to erasure, classification handling) is in place; the remaining work for a formal SOC 2 audit is operational (audit cadence, evidence collection, vendor reviews, penetration test) and we step into it when a buyer needs the certification on the contract.

The IRAP-aligned data-handling matrix is similarly maintained internally. It documents storage location, encryption posture, retention, access controls, and classification compatibility for every class of data we hold. We’ll share both with you under NDA during procurement diligence.

Session secret: every twelve months. AI provider key: every six months. Object-storage access keys: every six months. On-chain signing wallet: only on suspected compromise. Each rotation has a written procedure, a known blast radius, and a rollback path; a fresh on-call engineer can execute without escalation.

Signing keys for chain anchors rotate quarterly with chained signatures, so the chain of trust survives a rotation. A counterparty verifying an old proof gets the same answer they got the day it was anchored.

For partners doing diligence: the IP behind Nebula sits across the runtime, the data structure, the chain proofs, the negotiation engine, the track-record system, and the anti-gaming detectors. Twelve families filed; one PCT application and eleven Australian provisional. The full claim register is internal; the public-facing summary is below.

Structured agreements. Turning the documents that define the work into commitments and dependencies that can be queried.

Two-chain proofs. Recording state changes to two independent chains so neither party can rewrite history.

Tracked revisions. Keeping the original wording in the audit trail when an agreement is revised.

Cascade risk. Showing what slips when one thing slips, before it slips.

Anti-gaming detectors. Catching backdated entries, suspicious patterns, and statistical outliers.

Earned track records. Counterparty reliability built from anchored events that anyone can verify.

Bounded counter-offers. Finite-round negotiation so disputes converge instead of dragging out.

Score privacy. Proving a track record clears a threshold without revealing the underlying score.

Industry extensions. Pluggable packs for defence, infrastructure, and commonwealth on the same engine.

Pre-AI redaction. Stripping sensitive material before any prompt leaves Australia.

Deadline extensions. Recognising when a deadline is formally extended and recalculating impact.

Change provenance. Preserving the full chain of changes so each project reads as a single record.

SCIM and SSO. Manual user and membership management today; SAML and SCIM are buyer-driven.

Customer-managed keys. Not on our current Neon and R2 plans. Plan upgrade is the path.

HSM-backed signing. Signing keys are encrypted but not held in an HSM. Phase 17 work.

Per-user clearance enforcement. The classification column exists on every item; per-user gating is the next implementation step.

Air-gapped or VPC-isolated deployment. SaaS only today. PROTECTED-grade buyer would need a separate deployment shape; not in scope without a deal.

External penetration test. Not yet commissioned. The cadence is buyer-driven and lands before we sign with a buyer who requires it.