Security & data

Your data stays yours — and stays in your region.

Nuqo is built for manufacturers who can't send drawings and part data just anywhere. You decide where your data lives, keep it encrypted end to end, and know it's never used to train third-party AI models.

Data residency

Choose the region your data lives in

Pick the jurisdiction that fits your compliance requirements. This is about keeping your data where you need it — not an argument about which region is better.

EU-only

Your documents, quotes, and account data stay in the EU.

  • Application hosting — Hetzner, Germany
  • Database — Neon (PostgreSQL), EU region
  • File storage — Cloudflare R2, EU

US-only

A US-only region is provisioned for your organization at onboarding, so your data stays within US borders.

  • Dedicated US region, set up per customer
  • Same encryption and access controls
  • Requested during onboarding

Data protection

How your data is protected

Your data stays yours. Where we rely on external AI providers, we use only endpoints that are contractually barred from training on your data.

Encrypted in transit & at rest

All data is encrypted in transit over TLS and encrypted at rest by our infrastructure providers. Passwords are hashed with Argon2id.

Role-based access & secure sessions

Access is controlled by role-based permissions. Sessions use HttpOnly, SameSite, and Secure cookies, backed by regular security updates and monitoring.

Every price is traceable

Nothing is a black box. Every material price and labor step links back to the source document or catalog it came from — so you can audit each number.

Human oversight

A human confirms every quote before it goes out

Nuqo does the heavy lifting — reading documents, matching parts, pricing labor — but it never sends a quote on its own. Your estimator reviews the result, answers the questions Nuqo flags, and presses go. AI drafts; people decide.

Quote review with clarifying questions in Nuqo
  1. 1

    Nuqo flags what it's unsure about

    Instead of guessing, Nuqo raises clarifying questions next to the exact source document — ranked by importance.

  2. 2

    Your estimator reviews and answers

    You confirm matches, edit anything you need to, and add expertise the documents didn't spell out.

  3. 3

    You press go

    Nothing is finalized until a person confirms it. The quote is yours to send once you're satisfied.

Compliance

Compliance you can verify

Enterprise-grade data protection and security practices — in place today and documented for your security review.

In place today

  • GDPR-compliant processing
  • Signed Data Processing Agreement (Art. 28 GDPR)
  • Regional data residency — EU-only or US-only
  • Encryption in transit and at rest
  • Role-based access control and secure sessions
  • Two-factor authentication (on request)
  • Regular internal penetration testing

On our roadmap as we scale

SOC 2 and ISO 27001 are planned for our next stages of growth. Until then, the controls above and our DPA give you concrete assurances today.

Need more for your procurement review?

We're happy to complete your security questionnaire and share our security one-pager and DPA on request.

Questions about security or data handling?

Book a demo and we'll walk your team — including IT and procurement — through exactly how Nuqo handles your data.