Security

NextSet handles business and customer conversation data, so production security needs to be explicit. This page describes the current security posture at a high level and how to report concerns.

Platform Controls

  • Application hosting and AI workloads run on Microsoft Azure.
  • Authentication is handled through Supabase.
  • Operational integrations include Stripe for billing and Twilio for messaging/voice.
  • Protected server-side routes use bearer-token verification and service-role access only where needed.
  • Debug and diagnostic routes are restricted to development-only access.

Data Handling

  • Customer intake and business workflow data are stored in configured backing services rather than in the browser.
  • Billing state is separated from public marketing pages and handled through server-side Stripe flows.
  • Transactional messaging and appointment communications depend on configured third-party delivery providers.

Security Contact

If you discover a security issue, contact support@nextset.ai with the subject line "Security Report".

Include reproduction steps, affected URL or route, impact, and any supporting screenshots or logs.
