Security at NEO
Last updated:
How we protect your data
We treat your account data and your customers' conversations as confidential. Our infrastructure is hosted on managed providers with industry-standard physical and network controls, and we apply the principle of least privilege across our systems.
[PLACEHOLDER: legal team to expand with the specific controls, frameworks, and any third-party attestations we are willing to commit to publicly.]
Authentication
Accounts are protected by passwords stored in salted, hashed form. We support strong-password rules and are working towards broader multi-factor options for the people who need them.
[PLACEHOLDER: legal team and security team to confirm the supported MFA methods and the session lifetime.]
Encryption
Traffic between your browser and our servers is encrypted in transit using TLS. Data we hold on your behalf is encrypted at rest on the underlying storage layer.
[PLACEHOLDER: security team to confirm the cipher suites, key-management approach, and any envelope-encryption details we want to disclose.]
Access controls
Access to production systems is restricted to a small number of authorised people and is logged. Internal access is reviewed and revoked when it is no longer required.
[PLACEHOLDER: security team to expand with the review cadence and the specific role definitions used internally.]
Incident response
If we discover a security incident that affects your data, we will investigate promptly, work to contain the impact, and notify the people who need to know.
[PLACEHOLDER: legal team to define the formal notification window, the channels we will use, and the regulators we are required to inform.]
Reporting a vulnerability
If you believe you have found a security issue in NEO, please write to security@hereisneo.com with the details. We appreciate responsible disclosure and will respond as quickly as we can.
[PLACEHOLDER: security team to publish the formal disclosure policy, including scope, safe-harbour language, and any reward programme.]