Security
Security and trust.
nxthreat, a Tampa Dynamics product, is built for healthcare AI deployments where every agent action that touches PHI needs a policy decision and a verifiable receipt.
Stateless gateway
nxthreat deploys as a stateless Fastify gateway on AWS ECS Fargate behind an Application Load Balancer. The proxy holds no per-request state; horizontal scale-out is the answer to volume.
Receipt immutability
Signed receipts are written to append-only S3 storage with Object Lock in Compliance mode and IfNoneMatch conditional writes. Every read re-verifies the signature before bytes return to the caller.
Auditor verification
Evidence packs include a 13 KB zero-dependency verifier CLI for clean Node 18+ installs. Auditors can verify receipt signatures without AWS credentials, nxthreat code, or network access.
Privacy-respecting analytics
The marketing site uses Plausible analytics without cookies, fingerprinting, or ad tracking. Product telemetry and customer evidence flows are governed by the customer agreement.
Latency budget
The proxy is engineered to a p50 < 15ms / p99 < 50ms overhead budget. CI runs k6 thresholds against LocalStack on every push; production-AWS validation occurs at first dev-account deploy. We will publish measured production numbers once they exist.
Vulnerability disclosure
Report security issues to security@nxthreat.io. The same contact is published at /.well-known/security.txt.