Security & Encryption Standards

How We Protect Your Credentials

Built to the standards of major financial institutions and cloud providers, every layer of our architecture keeps your secrets safe.

AES-256 Encryption

All registrar credentials are encrypted using bank-grade AES-256 and stored only as ciphertext.

Secure Storage

Credentials exist in memory only long enough to be encrypted. Then plaintext is purged forever.

Key Management

Automatic key rotation, strict IAM policies, and full audit logging for every operation.

Limited Access Keys: The Foundation of Security

What Are Limited Access Keys?

Instead of sharing your master registrar credentials, Nerve.io creates temporary, scoped access tokens called "Limited Access Keys" (LAKs). Think of them as digital visitor badges that:

Only work for specific domains you choose
Only allow specific actions (read-only, DNS updates, etc.)
Automatically expire after a set time
Can be revoked instantly without affecting your master credentials

Security Benefits

Least Privilege: Each key has only the minimum permissions needed
Time-Limited: Keys automatically expire, reducing the window of vulnerability
Revocable: You can instantly disable any key without touching your master credentials
Auditable: Every action taken with a key is logged with full details

Multi-Layer Security Controls

Two-Factor Authentication (2FA)

For sensitive operations like domain transfers, deletions, or nameserver changes, we require additional verification through:

TOTP Authentication: Time-based one-time passwords via authenticator apps
Approval Workflows: Manual approval for high-risk operations
Notification Alerts: Immediate alerts when sensitive actions are attempted

Network Security

TLS 1.3: All communications are encrypted using the latest TLS standard
HTTPS-Only: No downgrade paths or insecure connections
IP Restrictions: Optional IP address restrictions for additional security
Rate Limiting: Protection against brute force and abuse attempts

Access Controls

Role-Based Permissions: Different access levels for different team members
Session Management: Automatic session timeouts and secure session handling
Audit Trails: Complete logs of all access attempts and actions

Audit & Compliance

Immutable Audit Logs

Every action taken through Nerve.io is recorded in an immutable audit log that includes:

Timestamp: Precise timing of each action
User Identity: Who performed the action
IP Address: Where the action originated
Action Details: What was changed and how
Outcome: Success or failure status

Compliance Ready

SOC 2 Preparation: Building toward SOC 2 Type II compliance
GDPR Compliance: Full audit trails for data protection requirements
Export Capabilities: Detailed reports for compliance audits
Data Retention: Configurable retention policies for audit logs

Incident Response & Monitoring

Real-Time Monitoring

24/7 Security Monitoring: Continuous monitoring of system activity
Anomaly Detection: Automated detection of suspicious patterns
Alert Systems: Immediate notifications for security events
Performance Monitoring: Real-time system health tracking

Third-Party Security

Infrastructure Security

Google Cloud Platform: Enterprise-grade infrastructure and security
Amazon Web Services: Additional security services and monitoring
Redundant Systems: Multiple layers of protection and backup

Your Security Responsibilities

Best Practices

To maximize your security with Nerve.io:

Use Strong Passwords: Create unique, complex passwords for your Nerve.io account
Enable 2FA: Always use two-factor authentication for your account
Regular Reviews: Periodically review your limited access keys and revoke unused ones
Monitor Logs: Regularly check your audit logs for unusual activity
Keep Software Updated: Ensure your systems and browsers are up to date

Shared Responsibility

Security is a shared responsibility. While we protect your credentials and provide secure infrastructure, you're responsible for:

Account Security: Protecting your Nerve.io login credentials
Key Management: Safely storing and sharing your limited access keys
Access Review: Regularly reviewing who has access to your domains
Incident Reporting: Reporting any suspicious activity immediately

Ready to Secure Your Domain Operations?

Join domain professionals, enterprises, and developers worldwide who are taking control of their domain security and building amazing things.

Start Using Nerve.io Free →

Security of Nerve.io