NexusRN
Public Preview
Security & Responsible Disclosure
NexusRN public-preview security posture and how to report issues.
Current preview posture
The public preview does not collect payment inside the app and does not provide production accounts. Visitors should not enter protected health information, patient identifiers, or confidential employer data.
Security controls in this public build
| Control | Status |
|---|---|
| HTTPS | Served through the production domain with HSTS configured in Vercel. |
| Security headers | Content-Type protection, referrer restriction, same-origin frame protection, Permissions-Policy, and transitional CSP are configured. |
| Full source DB | The monolithic full DB is removed from the public deploy package; learner mode uses chunked public-preview data. |
| Diagnostics | Public diagnostics pages with admin full-DB fetch capability are removed from the deploy package. |
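As an added example (not NexusRN's own code or Vercel configuration), a small Node.js audit that checks a response header set against the controls listed in the table. The sample headers are constructed for illustration, and the reading of "transitional CSP" as a report-only policy is an assumption, not a statement about the live deployment.

```javascript
// Added example: audit response headers against the posture described above.
// SAMPLE_HEADERS is constructed for this example, not captured from NexusRN.
const SAMPLE_HEADERS = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains',
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'strict-origin-when-cross-origin',
  'x-frame-options': 'SAMEORIGIN',
  'permissions-policy': 'camera=(), microphone=(), geolocation=()',
  // Assumption: a "transitional" CSP is deployed report-only while it is tuned.
  'content-security-policy-report-only': "default-src 'self'",
};

// Returns a list of findings; an empty list means every listed control is present
// and enforced. Header names are matched case-insensitively, as HTTP requires.
function auditSecurityHeaders(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const findings = [];

  // HSTS: must exist and carry a max-age of at least one year to be meaningful.
  const maxAge = /max-age=(\d+)/i.exec(h['strict-transport-security'] || '');
  if (!maxAge) findings.push('HSTS missing or has no max-age');
  else if (Number(maxAge[1]) < 31536000) findings.push('HSTS max-age below one year');

  // MIME sniffing protection.
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff')
    findings.push('X-Content-Type-Options is not nosniff');

  if (!h['referrer-policy']) findings.push('Referrer-Policy missing');
  if (!h['permissions-policy']) findings.push('Permissions-Policy missing');

  // Frame protection can come from X-Frame-Options or an enforced frame-ancestors.
  const csp = h['content-security-policy'];
  const cspReportOnly = h['content-security-policy-report-only'];
  const framed =
    /frame-ancestors/i.test(csp || '') ||
    /^(deny|sameorigin)$/i.test(h['x-frame-options'] || '');
  if (!framed) findings.push('No frame protection (X-Frame-Options or CSP frame-ancestors)');

  // A report-only CSP observes violations but blocks nothing, so flag it separately.
  if (!csp && cspReportOnly) findings.push('CSP is report-only: not yet enforced (transitional)');
  else if (!csp) findings.push('CSP missing');

  return findings;
}

console.log(auditSecurityHeaders(SAMPLE_HEADERS));
```

Running it against the sample set reports only the report-only CSP, which is the one row in the table described as still transitional.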
Report a security issue
Email lilianhossamfahmi@gmail.com with the subject NexusRN security report. Include the affected URL, browser, steps to reproduce, and impact. Do not access, copy, or disclose other users' data.
Before paid launch
Accounts, payment webhooks, entitlement checks, audit logging, incident-response workflow, and privacy counsel review must be completed before public paid sales.