Light mode illustration

Security Overview

Effective: August 5, 2025

We use administrative, technical, and physical safeguards to protect data processed by Nexalink and CareCompass.

Technical Controls

  • Encryption in transit (TLS 1.2+) and at rest (managed keys)
  • Logical tenant isolation; network segmentation
  • Least-privilege access; MFA for administrative access
  • Secure SDLC, code review, dependency scanning, patch cadence
  • Automated backups and tested restore procedures
  • Logging and monitoring with alerting on anomalies

Organizational Controls

  • Role-appropriate background checks (as lawfully permitted)
  • Security and privacy training at onboarding and annually
  • Access reviews and change management
  • Vendor management and sub-processor reviews

Incident Response

We maintain an incident response plan with defined roles, communications, and notification timelines. Breach notifications follow applicable law and contractual obligations.

Data Residency

We host and process data in the United States and do not intentionally offer the Services outside the U.S.

For questions, contact legal@nexalink.care.