Security
Finance products earn trust through actions, not slogans. Here's how Nexa protects your data.
Encryption everywhere
Sensitive financial data is encrypted at rest with envelope encryption. All traffic is encrypted in transit with HTTPS/TLS.
No bank credentials
Nexa never asks for your bank login, card numbers, or CNIC. We cannot access your bank accounts because we never connect to them.
Staff cannot browse your data
Our team cannot view your salary, expenses, or goals unless you explicitly share a temporary support snapshot when reporting an issue.
You control your data
Export your data or permanently delete your account anytime from Profile → Data & privacy. Deletion is irreversible.
Authentication
- Passkeys (WebAuthn) for phishing-resistant sign-in
- Magic-link email authentication
- Password hashing with industry-standard algorithms
- User-visible security activity log in your profile
Infrastructure
Nexa runs on secure cloud infrastructure with restricted production access, encrypted backups, and regular dependency updates. We follow least-privilege principles — engineers access only what they need to operate the service.
- Envelope encryption at rest
- No bank linking required
- PKR-native payday cycles
- Export or delete your data anytime
- Passkeys & magic-link sign-in
AI coach safety
The AI coach is read-only — it explains your numbers but cannot move money, change your data, or execute transactions. Responses are grounded in Nexa's financial engine, not open-ended speculation.
Reporting security issues
Found a vulnerability? Please report it responsibly to security@nexa.app. We take security reports seriously and will respond promptly.