Security

Security posture for the Nanoneuron MVP

This MVP uses access control, safer default headers, isolated environment configuration, and manual payment verification instead of direct card handling.

Current controls

  • Authentication for registered users with session-backed token handling.
  • Trial gating and access checks for protected endpoints.
  • Security headers, CSP, referrer policy, and frame denial in the web surface.
  • Secrets and payment rails loaded from environment variables.

Payment handling

  • Manual payment rails and bank transfer references are handled without storing raw card details.
  • Account access should only be activated after payment confirmation.
  • The MVP should rely on external rails rather than building direct card storage.

MVP limitations

  • This is not a certified enterprise security program.
  • No claim is made for ISO 27001, SOC 2, or equivalent certifications.
  • Production rollout still requires monitoring, backups, incident response, and secret rotation discipline.