Security Center

Last Updated: December 8, 2025

At DigitalNomads AI, Inc. ("Nomad AI"), security is the foundation of our Wealth OS. We maintain a comprehensive security framework to protect our data, systems, and your assets.


Reporting a Vulnerability

If you discover a security vulnerability in the Nomad AI platform, we appreciate your responsible disclosure. By working together, we can address the issue promptly and ensure the security of our ecosystem.

How to Report

  1. Email: Send an email to our security team at security@usenomad.ai.
  2. Subject: Use a descriptive subject line, e.g., "Security Vulnerability Report - [Component Name]."
  3. Description: Provide a detailed description, including steps to reproduce the issue.
  4. Proof of Concept: Attach a proof-of-concept or screenshots if safe to do so. Do not exploit the vulnerability to access user data or funds.

Response Timeline

  • Acknowledgement: 48h
  • Assessment: ASAP
  • Resolution Updates: Live

Encryption & PGP

For sensitive reports, please ask for our public PGP key in your initial correspondence.


Security Policy Framework

1. Data Classification

We ensure all data is properly classified and protected based on sensitivity and criticality.

LEVEL 1: Public Data

Marketing materials, press releases. No restrictions on disclosure.

LEVEL 2: Internal Use

Company policies, internal reports. Not for external sharing.

LEVEL 3: Confidential

PII, financial data, research. Restricted to authorized personnel.

LEVEL 4: Highly Confidential

Trade secrets, keys, proprietary code. Strict access control.

2. Access Control

Access to systems and data is granted based on the principle of Least Privilege and Need-to-Know.

  • Role-Based Access Control (RBAC): Privileges are tied to specific job roles.
  • Separation of Duties: Critical functions are distributed to prevent single points of failure or abuse.
  • Review: Access rights are reviewed regularly; temporary access expires automatically after 30 days.

3. Password & Authentication

Strong authentication protects our information assets.

  • Complexity: Minimum 12 characters, mixing case, numbers, and symbols.
  • Rotation: Mandatory password updates every 90 days.
  • MFA: Multi-Factor Authentication is strongly recommended and mandatory for sensitive systems.
  • Storage: Passwords are never stored in plain text.

4. Endpoint & Network Security

We secure the devices and networks that process our data.

  • Endpoint Protection: All devices run managed antivirus/HIPS software with enforced updates.
  • Network Segmentation: Critical systems are isolated in separate zones with strict firewall rules.
  • Monitoring: Continuous monitoring via AWS GuardDuty and internal IDPS systems.
  • Encryption: AES-256 for data at rest; TLS v1.2+ for data in transit.

5. Incident Response

Our Incident Response Team (IRT) follows a structured process to handle security events:

  1. Identify & Document: Detect the incident and log all relevant details.
  2. Contain & Isolate: Prevent further spread or damage immediately.
  3. Assess & Prioritize: Determine severity and impact.
  4. Notify: Inform affected parties and authorities as required.
  5. Recover & Review: Restore services and conduct a post-mortem to prevent recurrence.

6. Vulnerability Management

We continuously track and remediate threats using a risk-based approach.

  • Continuous Scanning: Regular automated scans of infrastructure and code.
  • Prioritization: Critical/High severity issues are addressed immediately.
  • Remediation: Timely patching of OS, software, and dependencies.

Nomad AI Security Team • security@usenomad.ai