Security, by default.

Your customers trust you with their data. We treat yours the same way — encrypted in transit and at rest, with role-based access and regular audits across every Commerciax product.

01

Encryption Everywhere

Every connection to Neweb uses TLS 1.3. Every database and storage bucket is encrypted at rest with AES-256. Backups are encrypted independently with separate keys.

No plaintext customer data lives on any disk, ever.

02

Access Controls

We enforce role-based access controls. Every engineer action on production is logged and reviewed. Access requires single sign-on with hardware-key 2FA. Production access is scoped to the minimum needed for the task and audited weekly.

03

Backups & Recovery

  • Hourly incremental backups.
  • Daily full backups.
  • Weekly off-site replicas, encrypted with separate keys.
  • Point-in-time restore available to any customer on request within 30 days.

04

Monitoring & Audits

We run continuous vulnerability scanning, automated dependency audits, and annual third-party penetration tests. All critical findings have SLAs on resolution time.

05

Compliance

  • Aligned with GDPR, CCPA, and India's DPDP Act (2023).
  • SOC 2 Type II audit in progress (target: Q3 2026).
  • ISO 27001 roadmap in planning.

06

AI & Data Confidentiality

We do not use client data to train public models.

AI-generated outputs from Neweb remain scoped to your account and content. Model providers are bound by data-processing agreements that prohibit training on customer inputs.

07

Responsible Disclosure

Found a vulnerability? Email info@commerciax.com with [SECURITY] in the subject and full reproduction steps. We respond within 48 hours, acknowledge valid findings, and offer a bounty for severe issues. Please don't disclose publicly until we've had a reasonable window to fix.

08

Contact