Last updated: December 28, 2025
Our Security Philosophy
Security is not an afterthought at Nexto.do; it is built into the very foundation of our architecture. By choosing Rust for our backend, we eliminate entire classes of common security vulnerabilities, such as buffer overflows and memory leaks, which are often exploited in languages that lack Rust's compile-time memory-safety guarantees.
Authentication & Authorization
We use industry-standard JSON Web Tokens (JWT) for secure authentication. When you log in, a signed token is issued and stored securely in your browser. This token must accompany every subsequent request to our GraphQL API, and the signature lets the server verify that the token was issued by us and has not been tampered with, ensuring that only authorized users can access or modify data.
Passwords are never stored in plain text. We hash them with bcrypt using a high cost factor, which makes each hash deliberately slow to compute, so that even in the event of a database breach, user credentials remain protected against brute-force attacks.
Data Protection
All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Our PostgreSQL database is configured with strict access controls, and we use SQLx to prevent SQL injection attacks by ensuring all queries are parameterized and verified at compile time.
Infrastructure Security
Our infrastructure is monitored 24/7 for suspicious activity. We perform regular security audits and dependency updates to protect against newly discovered vulnerabilities in the libraries we use.
Reporting a Vulnerability
We welcome reports from security researchers and users. If you believe you have found a security vulnerability in Nexto.do, please contact our security team immediately. We will investigate all legitimate reports and do our best to fix confirmed issues quickly.