Security at Nexaria Digital
Defense-in-depth built into the platform from day one. Here is our security posture, our live component status, and how to report an issue.
Our posture
Security is layered, not bolted on
Nexaria Digital is engineered so that a single failure never exposes your data. Authentication, database policies, server-side validation, and payment verification each stand on their own — a defense-in-depth model borrowed from the standards used across modern Web3 and SaaS platforms.
Authentication & bot protection
Clerk-based auth with session management and bot / abuse mitigation on sign-in flows.
Row-Level Security
Supabase RLS policies so every row is scoped to its owner — data isolation by default.
Server-side validation
All mutations are validated on the server; the client is never the source of truth.
Input sanitization
User input is sanitized and encoded to defend against injection and XSS.
Rate limiting
Request throttling on sensitive endpoints to blunt brute-force and scraping attempts.
Audit logs
Security-relevant actions are recorded for traceability and incident review.
Stripe webhook verification
Payment webhooks are checked against Stripe signatures before any state change.
Role-based access control
RBAC gates admin, agency, and platform-partner capabilities by assigned role.
Encrypted secrets
Keys and credentials live in environment variables — never committed to source.
Abuse reporting
Listings and accounts can be reported for review and takedown.
Suspicious-activity logging
Anomalous access patterns are logged for monitoring and follow-up.
CSRF protection
State-changing requests are protected against cross-site request forgery.
Responsible disclosure
Found something? Tell us.
If you believe you have discovered a vulnerability, we want to hear from you. Report privately and give us a reasonable window to investigate before any public disclosure. We do not pursue good-faith security research.
Please include steps to reproduce, affected pages, and any proof-of-concept. Avoid accessing or modifying other users' data, and never run tests that degrade the service for others.
Platform Status
What's live, and what's wired to go
We label things honestly. Marketplace browsing is operational today. Provider integrations (Clerk, Stripe, Resend, Supabase Realtime) are integration-ready — architected and scaffolded, but not yet switched on in production.
Marketplace
Browsing, listing pages, and search UI
Authentication
Clerk sign-in & session management
Payments
Stripe checkout & webhooks
Resend transactional delivery
Realtime
Supabase live updates & subscriptions
Shared responsibility
No system is ever perfectly secure. We protect the platform; you protect your access. Keep your account credentials and — critically — your wallet private keys and seed phrases safe. Nexaria Digital will never ask for your seed phrase. This page is informational and is not financial, legal, or investment advice. Learn more about the platform in our developer docs or review our Terms of Service.