Trust & Safety

Security at Nexaria Digital

Defense-in-depth built into the platform from day one. Here is our security posture, our live component status, and how to report an issue.

Our posture

Security is layered, not bolted on

Nexaria Digital is engineered so that a single failure never exposes your data. Authentication, database policies, server-side validation, and payment verification each stand on their own — a defense-in-depth model borrowed from the standards used across modern Web3 and SaaS platforms.

Authentication & bot protection

Clerk-based auth with session management and bot / abuse mitigation on sign-in flows.

Row-Level Security

Supabase RLS policies so every row is scoped to its owner — data isolation by default.

Server-side validation

All mutations are validated on the server; the client is never the source of truth.

Input sanitization

User input is sanitized and encoded to defend against injection and XSS.

Rate limiting

Request throttling on sensitive endpoints to blunt brute-force and scraping attempts.

Audit logs

Security-relevant actions are recorded for traceability and incident review.

Stripe webhook verification

Payment webhooks are checked against Stripe signatures before any state change.

Role-based access control

RBAC gates admin, agency, and platform-partner capabilities by assigned role.

Encrypted secrets

Keys and credentials live in environment variables — never committed to source.

Abuse reporting

Listings and accounts can be reported for review and takedown.

Suspicious-activity logging

Anomalous access patterns are logged for monitoring and follow-up.

CSRF protection

State-changing requests are protected against cross-site request forgery.

Responsible disclosure

Found something? Tell us.

If you believe you have discovered a vulnerability, we want to hear from you. Report privately and give us a reasonable window to investigate before any public disclosure. We do not pursue good-faith security research.

Please include steps to reproduce, affected pages, and any proof-of-concept. Avoid accessing or modifying other users' data, and never run tests that degrade the service for others.

Platform Status

What's live, and what's wired to go

We label things honestly. Marketplace browsing is operational today. Provider integrations (Clerk, Stripe, Resend, Supabase Realtime) are integration-ready — architected and scaffolded, but not yet switched on in production.

Marketplace

Browsing, listing pages, and search UI

Operational

Authentication

Clerk sign-in & session management

Integration-ready

Payments

Stripe checkout & webhooks

Integration-ready

Email

Resend transactional delivery

Integration-ready

Realtime

Supabase live updates & subscriptions

Integration-ready

Shared responsibility

No system is ever perfectly secure. We protect the platform; you protect your access. Keep your account credentials and — critically — your wallet private keys and seed phrases safe. Nexaria Digital will never ask for your seed phrase. This page is informational and is not financial, legal, or investment advice. Learn more about the platform in our developer docs or review our Terms of Service.