NerovaNerovaDocs

Trust

Security

Operate Nerova with deliberate access, approved data, and clear human ownership.

5 min read

Define security ownership

  • Assign an owner for each agent, connected service, and sensitive data source.
  • Document which actions require human approval or escalation.
  • Review access and workflow boundaries when responsibilities change.
  • Use Account security for sign-in methods, sessions, and audit-log instructions.

Choose data deliberately

Only provide data required for the agent’s assigned workflow. Separate public, internal, confidential, and regulated material according to your organization’s policies before connecting sources or uploading documents.

  • Remove secrets and credentials from documents and instructions.
  • Avoid using production personal data when a synthetic test case is sufficient.
  • Confirm that your organization has permission to use each connected source.
  • Retire sources and integrations that are no longer required.

Keep humans in control

Define which actions an agent may complete, which require approval, and which must always be handled by a person. Test those boundaries with realistic adversarial and accidental requests.

If you suspect a security issue

  1. 01

    Limit exposure

    Stop the affected agent or disconnect the relevant integration when it is safe to do so.

  2. 02

    Preserve context

    Record the time, affected account, workflow, and observable behavior without sharing secrets.

  3. 03

    Contact Nerova

    Use the official contact channel and identify the report as a security concern.

  4. 04

    Rotate affected access

    Change credentials or revoke provider authorization when exposure is possible.