Encryption — at rest and in transit
TLS 1.2+ on every public endpoint with HSTS preload, AES-256 at rest across Postgres, Redis, and object storage. Virtual keys are SHA-256 hashed on creation; the plaintext is shown once and never stored.
Nemo Router is the gateway for every prompt, every key, and every dollar of spend. This page is the engineering deep-dive — the request path, the RLS contract, and the credit-safety invariants auditors walk through.
Architectural invariants
Backed by managed Cloud Run + Supabase
At rest + TLS 1.2+ in transit
Every Nemo table, no exceptions
LLM traffic uses virtual keys only
Framework status (SOC 2, GDPR, HIPAA, PCI) lives on the compliance page; documents and posture on the trust center.
Every request flows through Nemo Backend before it touches a provider. Auth checks, RLS scope, credit reservation, and guardrails all live on the same hop — there is no shortcut path for the frontend to call an LLM directly.
Request flow
Client / SDK
Bearer sk-nemo-…
Only virtual keys leave the client; master keys never ship.
Frontend (Next.js)
Cloud Run
Server actions add auth + RLS scope before forwarding.
Nemo Backend
Nemo Router
Auth, credit reserve, guardrails, observability — in path.
Nemo Intelligent Proxy Router
Routing engine
Cost tracking, rate limits, provider fallback chains.
Provider
Vertex / Anthropic / OpenAI
Outbound traffic only; no inbound provider calls.
The Nemo Intelligent Proxy Router is fully managed — every request is authed, scoped, and guardrailed before it reaches a provider, with nothing for you to harden.
Every Nemo Router customer gets the full security posture from day one. No “Enterprise tier” for SSO, audit logs, or guardrails — these are not features we sell, they are guarantees we ship.
TLS 1.2+ on every public endpoint with HSTS preload, AES-256 at rest across Postgres, Redis, and object storage. Virtual keys are SHA-256 hashed on creation; the plaintext is shown once and never stored.
Row-Level Security on every Nemo table, every policy scoped by organization_id — no `USING (true)` anywhere. Cross-tenant reads are impossible at the database layer, and a continuous gap-hunter scanner verifies the contract holds.
Customer LLM traffic only ever uses virtual keys (sk-nemo-…) with per-key spend tracking, RPM/TPM caps, and instant revocation. Master keys are reserved for internal management CRUD — never the dashboard, playground, or your code.
Every request passes through auth, RLS scoping, guardrails, and credit reserve+settle before it reaches a provider. CSP, X-Frame-Options, and Stripe webhook signature checks ride on every response and event.
PII redaction (Microsoft Presidio), prompt-injection detection, secret scanning, abuse blocking, and response scanning — included on every plan, configurable at org > team > key scope.
Every administrative action, key change, guardrail trigger, and budget event is logged with actor, source IP, payload diff, and timestamp — append-only, exportable as CSV/JSON for SIEM ingestion. 90-day request log retention; longer on Enterprise.
Multi-tenancy is enforced at the database, not the application layer. The application can have bugs; the database refuses to return rows from the wrong tenant.
Tenant isolation
Every record is scoped to your organization, and Row-Level Security enforces that boundary at the database itself — a query against the wrong tenant returns zero rows. There is no mapping table to drift, no sync layer to compromise.
RLS policy spot-check
Every LLM request reserves credits before forwarding and settles after the cost header arrives. Failures release the reservation. There is no path to a negative balance because the database refuses to write one.
Reserve + settle
The credit ledger applies every increment/decrement atomically, so concurrent writes never race. Webhooks are idempotent on Stripe event id. Reservations expire automatically if a request never settles.
Money-safety invariants
Engineering principle
Built audit-ready from day one — not retrofitted before a procurement call.
RLS, virtual keys, master-key isolation, reserve+settle credit safety, and the audit trail are non-negotiable invariants in our platform — enforced by tests that block merges, not by promises on sales calls.
Customer data lives in managed Postgres with at-rest encryption, replicated within a single region. United States is the default footprint. EU residency is generally available on Enterprise; the UK, Canada, Australia, Singapore, and India are available on request — covering GDPR data-locality requirements and the residency expectations of the EU AI Act.
Default US runs on us-central1; EU on europe-west4 with Supabase Postgres co-located and subprocessors signed under EU SCCs. Need a region pinned? sales@nemorouter.ai.
Sessions are managed by Supabase Auth. Idle timeout is enforced from the dashboard, refresh tokens rotate transparently, and users can revoke active devices from their account page.
Idle timeout — 30 minutes (default). Inactive dashboard sessions surface an idle warning at 25 minutes and force re-auth at 30. Configurable per-org for enterprise.
Refresh-token rotation. Refresh tokens rotate on every use (Supabase Auth). A leaked refresh token is invalidated the moment its successor is issued, and the user is force-signed-out across all devices.
Device management. Account → Security lists every active session by device, OS, and last-seen IP, with one-click revocation — kill the session before an attacker reaches the dashboard.
Session vs API key. Dashboard sessions sign management calls only. Every LLM request uses a virtual API key with its own RPM/TPM/budget caps — a compromised session cannot run unbounded inference.
If you discover a security issue, please report it responsibly. We acknowledge within 48 hours, target 7 days for critical fixes, and follow coordinated disclosure.
Security review · 30 minutes
No NDAs to start, no sales gate. Bring your auditor — they will get the same answers we give the engineering team.