Security & Privacy
Security Framework Alignment
- Aligned with SOC 2 Trust Service Criteria
- Designed in accordance with ISO/IEC 27001 security principles
- Informed by NIST cybersecurity best practices
- Built using security controls consistent with industry standards
Data Security
NOCT is designed with strict data isolation and least-privilege access as core principles. All data is stored and handled in the United States.
Scan artifacts, credentials, and sensitive metadata are encrypted both in transit and at rest. Access to encrypted data is tightly restricted, audited, and enforced through role-based controls.
Cached server credentials and IP:PORT information are protected using AES-256 encryption, wrapped within an XOR-based hash stream to provide additional cryptographic obfuscation. Credentials are retrieved only when operationally required and are always transmitted using the same encrypted transport protections.
Scan results are stored using AES-256 encryption with XOR-wrapped hash-stream protection and are decrypted only upon explicit user request through authenticated dashboard queries.
Scan engines operate within segregated execution environments. Customer credentials and server details are decrypted exclusively in memory (RAM) for the duration of an execution window and are never persisted in plaintext.
Privacy Commitment
NOCT collects only the minimum data required to perform authorized security testing.
We do not sell, share, or repurpose customer data—ever. Customer information is used exclusively to deliver requested services and is governed by strict internal access controls and auditing practices.