Alpha Nodus protects Customer Data with layered administrative, technical, and organizational safeguards designed to preserve confidentiality, integrity, and availability.
Data Security
Encryption in transit and at rest: Customer Data is encrypted in transit (e.g., TLS) and at rest across our platform.
Key management: We use AWS Key Management Service (KMS) to manage encryption keys. AWS KMS performs cryptographic operations inside hardware security modules (HSMs) to protect key material.
Application Security
Independent penetration testing: We regularly engage third-party application security experts to perform penetration testing. Testing includes evaluation of source code, the running application, and the deployed environment.
Continuous code security: We use GitHub Advanced Security capabilities—including CodeQL code scanning, secret scanning, and dependency vulnerability management (Dependabot)—to help detect issues early and reduce risk throughout the development lifecycle.
Infrastructure Security
Cloud hosting: Gravity is hosted on Amazon Web Services (AWS).
Threat detection & vulnerability management: We leverage AWS-native security services such as GuardDuty (threat detection) and Inspector (automated vulnerability management), along with AWS KMS.
Modern deployment model: We deploy using containers on AWS-managed serverless services, which typically reduces the need for us to manage traditional servers or EC2 instances in production.
Vulnerability Reporting
Security researchers and customers can report vulnerabilities through our Bug Bounty Program. Researchers acting in good faith and following the program rules are covered by our safe harbor commitment.
Reporting channel: security@alphanodus.com
Transparency
We publish security documentation and updates through our Trust Report.
Important Note
No system can be guaranteed 100% secure. Security is an ongoing process of prevention, detection, response, and continuous improvement.
