Security

How we protect your store, your data, and your customers.

Encryption

In Transit: All data transmitted between your browser and Nesta Market is encrypted using TLS 1.3. We enforce HTTPS on all connections with HSTS headers.

At Rest: Sensitive data, including credentials, API keys, and payment tokens, is encrypted at rest using AES-256.

Custom Domains: Free SSL certificates are automatically provisioned for all custom domains via Cloudflare.

Authentication & Access

JWT Authentication: Secure, token-based authentication with automatic expiration and refresh rotation. Sessions are invalidated on password change.

Role-Based Access Control: Granular permissions for store owners, managers, and staff. Each role has access only to the resources it needs.

Unified Auth: Single sign-on across the Wade Technology ecosystem with centralized session management.

Data Protection

Tenant Isolation: Every store's data is completely isolated in our multi-tenant architecture. Database queries are filtered by tenant ID at every layer - no cross-store data leakage is possible.

Payment Security: We never store credit card numbers. All payment processing is handled by PCI-compliant providers (Stripe, PayPal, Square). Only tokenized references are stored.

Backups: Automated daily backups with point-in-time recovery. Data is stored in geographically distributed locations.

Infrastructure

Hosting: Nesta Market runs on enterprise-grade infrastructure with DDoS protection, automated failover, and 24/7 monitoring.

Network Security: Cloudflare WAF (Web Application Firewall) protects against common attack vectors including SQL injection, XSS, and CSRF. Rate limiting is applied to all API endpoints.

Monitoring: AI-powered health monitoring continuously watches all services, with automated remediation and alert escalation.

Responsible Disclosure

If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within 48 hours. Please do not publicly disclose vulnerabilities until we have had an opportunity to address them.