Trust
Security
Operate Nerova with deliberate access, approved data, and clear human ownership.
5 min read
Define security ownership
- Assign an owner for each agent, connected service, and sensitive data source.
- Document which actions require human approval or escalation.
- Review access and workflow boundaries when responsibilities change.
- Use Account security for sign-in methods, sessions, and audit-log instructions.
Choose data deliberately
Only provide data required for the agent’s assigned workflow. Separate public, internal, confidential, and regulated material according to your organization’s policies before connecting sources or uploading documents.
- Remove secrets and credentials from documents and instructions.
- Avoid using production personal data when a synthetic test case is sufficient.
- Confirm that your organization has permission to use each connected source.
- Retire sources and integrations that are no longer required.
Keep humans in control
Define which actions an agent may complete, which require approval, and which must always be handled by a person. Test those boundaries with realistic adversarial and accidental requests.
If you suspect a security issue
- 01
Limit exposure
Stop the affected agent or disconnect the relevant integration when it is safe to do so.
- 02
Preserve context
Record the time, affected account, workflow, and observable behavior without sharing secrets.
- 03
Contact Nerova
Use the official contact channel and identify the report as a security concern.
- 04
Rotate affected access
Change credentials or revoke provider authorization when exposure is possible.