Security Overview
This page summarises the main security controls in Nairo’s current implementation.
It is intended for customer administrators, IT teams and security stakeholders evaluating authentication, workspace separation, document access, AI processing and review controls.
For legal, contractual or deployment-specific commitments, refer to the applicable agreement, data processing terms and security materials provided by Nairo.
Security principles
Nairo is designed around these principles:
- Workspace separation - customer data is organised by workspace
- Authenticated access - users must authenticate before accessing workspace data
- Tenant-scoped data access - backend services resolve tenant context before tenant-aware operations
- Human oversight - AI supports expert review; it does not replace accountability
- Reference transparency - outputs should be reviewable against available source materials where supported
- Controlled upload and access - documents are uploaded, processed and shared within workspace boundaries
Current security controls
| Area | Current implementation |
|---|---|
| Authentication | Clerk-based authentication and organisation context |
| Workspace scoping | Tenant/workspace slug and tenant context on API requests |
| Tenant separation | Tenant-scoped routing and schema-based data separation |
| File upload | Signed URL upload flow |
| File storage | Uploaded files stored in Google Cloud Storage |
| Document processing | Asynchronous processing after upload |
| Library sharing | Document and folder sharing grants within the workspace |
| Permissions | Focused admin/member controls, not full fine-grained RBAC across every feature |
| AI execution | Assistant, Projects and Insight Table use backend-managed execution; Experts and Actions may use client-side Gemini calls where configured |
| Encryption | Application-level encryption for selected value stores where configured |
| Retention UI | No self-serve customer retention policy UI today |
Authentication
Nairo uses Clerk for user authentication, organisation membership and session management.
Users must be authenticated to access workspace application routes and protected API operations.
A user’s access depends on their organisation membership, active workspace context, assigned role and enabled permissions.
For user administration, see Users and Roles.
Workspace scoping
Each customer workspace is associated with tenant context.
Workspace context is resolved using the tenant or workspace slug. Frontend API requests include tenant context, and backend services resolve the active tenant before executing tenant-aware operations.
Nairo uses tenant-scoped routing and schema-based data separation for tenant-aware backend services.
For more detail, see Tenant Isolation.
Document upload and storage
Nairo’s current document flow is upload-based.
Documents can be uploaded into the Library, Projects and supported product surfaces.
The upload flow uses signed URLs. Uploaded files are stored in Google Cloud Storage and then processed asynchronously for AI-assisted review.
Processing may include extraction, parsing, chunking, embedding or other preparation steps required by the relevant product surface.
Users should confirm that documents have finished processing before relying on them in review work.
For more detail, see Data Handling.
Document access and sharing
Library sharing supports document and folder access grants within a workspace.
Folder sharing may provide inherited access to documents inside the shared folder.
This sharing model is separate from general route-level permissions. A user may have access to the Library surface but only see the documents or folders available to them.
Customer administrators remain responsible for deciding which users should have access to sensitive materials.
Encryption and data protection
Nairo includes application-level encryption capabilities for selected sensitive value stores where configured.
Where enabled for those selected stores, encryption uses AES-256-GCM.
This should not be interpreted as universal field-level encryption across every database table, document, metadata field or product surface.
Broader encryption controls, including transport-layer security, database encryption at rest and object storage encryption, depend on the deployment infrastructure, cloud configuration and contractual commitments.
These should be confirmed as part of the customer’s security and procurement review.
AI security considerations
Nairo uses AI across surfaces such as Assistant, Projects, Experts, Actions and Insight Table.
Model execution differs by surface and configuration.
In the current implementation:
- Assistant uses backend-managed model execution
- Projects use backend-managed model execution for the Project Assistant
- Insight Table execution is backend-managed
- Experts and Actions may use client-side Gemini calls where configured
Internet search may be available for Assistant conversations where enabled. It should not be assumed to be enabled globally across all surfaces.
AI outputs are not guaranteed to be correct. Important decisions require human expert review.
For more detail, see Model Providers and AI Usage and Human Review.
Logging and auditability
Nairo maintains operational and workflow records in selected areas of the product.
The current implementation includes audit-style records for certain workflows and access events, such as document sharing and selected processing operations.
Customers should not assume there is a single customer-facing immutable audit portal covering every user action and AI interaction today.
For audit-oriented workflows, teams should define which outputs, notes and records must be retained in their own governance process.
What Nairo does not provide today
The following are not available as self-serve capabilities in the current application UI:
- Configurable data retention policies
- Self-serve data residency configuration by customer
- Workspace-wide model policy configuration
- Self-serve BYOK or BYOM configuration
- Fine-grained enterprise RBAC across every product feature
- A single customer-facing immutable audit log viewer
Organisations should address these requirements through contractual terms, internal policy and supplementary controls where needed.
Related areas
- Data Handling
- Tenant Isolation
- AI Usage and Human Review
- Model Providers
- Users and Roles
- Permissions
- Data Retention
- Subprocessors
- FAQ
Getting started
Review this overview with your information security team alongside Subprocessors, Data Handling, Tenant Isolation and your contractual data processing terms with Nairo.