We only ship what survives our own attacks.
Before a Nexgile digital worker reaches production, its blueprint is readable, its behavior is rehearsed on the Simulated Enterprise, and it is attacked with the techniques adversaries will use. This page is how we prove it — and what we haven’t earned the right to claim yet.
EU data protection
California privacy
In transit & at rest
Oversight & approvals
Security & availability
Top of the roadmap — target date: being finalized.
Information security
AI management system
Accessibility conformance
“In place” reflects controls and protections active today. “Roadmap” marks formal third-party certifications we are actively pursuing — we do not claim a certification before it is awarded. Contact security@nexgile.com for current status and documentation.
You’ll notice some chips say Roadmap. That’s deliberate. We publish what’s true, not what’s aspirational — and every claim on this site is labeled the way we label these. Top of the roadmap: SOC 2 Type II — target date: being finalized. While certifications are in flight, here’s what we offer today instead: self-hosted deployment inside your existing compliance boundary, the audit-trail specification, and sanitized export artifacts your security team can review on request.
Security, engineered into every delivery.
The software Nexgile generates ships with security built in — and our own platform is operated to enterprise standards.
- Encryption in transit and at rest; encryption with your own keys
- Identity and access controls with least-privilege by default
- An automatic security review delivered with every project
- Continuous monitoring, logging and a defined incident-response process
- Responsible-disclosure program for reporting vulnerabilities
Your data stays yours.
Nexgile is a design-time studio: workers rehearse against the Simulated Enterprise — a complete synthetic company — so no production data is required to evaluate them. After delivery, you self-host: there is no Nexgile cloud in the loop.
- Rehearsal runs on synthetic data only — no production data in simulation, preview, or red-teaming
- You self-host the delivered software on your own infrastructure
- Data residency across our Herndon, VA and Hyderabad, India operations
- GDPR and CCPA aligned; retention and deletion on request
- Sub-processor transparency available on request
AI you can explain — and defend.
For an agentic-AI company, governance is a first-class concern, not fine print. Our foundation is built to make automated decisions accountable.
- Explainable, repeatable decisions — not “the model decided”
- Deterministic behaviour for routine work; consistent results across runs
- Human-in-the-loop approvals, escalation and override at any time
- Training-data isolation and prompt-data deletion controls
Four mechanisms, built to be checked.
Every claim on this site stands on one of these. Each is something you can check — in a live session, in an artifact your auditors request, or in a replay — not something you are asked to take on faith.
The Simulated Enterprise
A complete synthetic company in every workspace — customers, tickets, email, chat — so digital workers rehearse real work before they touch a live system. Compress weeks of business events into minutes, attack your workers the way adversaries will, and replay any change against identical scenarios to see exactly what improved. Rehearsal runs on synthetic data only — no production data in simulation, preview, or red-teaming — so your security team can approve a description-based evaluation without a data-sharing agreement.
See it in Nx·Studio
Deterministic Cognitive Engine
A compiled rule can’t be flipped by “are you sure?” or a prompt trick — routine decisions are compiled once when a worker is built, so policy holds by construction, not by prompt discipline. The result is the same auditable answer every run, for the worker’s entire production life — and replay demonstrates it: same input, same path, same answer, every time.
Watch the engine route decisions
Declarative Agent Blueprints
Every digital worker is a readable, versioned blueprint, not a tangle of prompts: what it does, who approves what, where it escalates. Diff it when policy changes, test it like code, trace exactly which version ran when, and hand it to your auditors — they read what the worker will do before it does it. The blueprint is the audit artifact, and like everything the platform generates, it’s yours.
Governance you can read
The Ownership Audit
Every export includes verification tooling your own engineers run against the delivered code. It scans for vendor dependencies, calls to Nexgile domains, and license checks. Run it on your hardware, without trusting us — the verdict is yours to read, and a sanitized sample of its output is available on request. Pair it with byte-for-byte reproducible exports, and the code you audited is provably the code you deployed. “No lock-in” stops being a slogan and becomes a property you prove yourself.
Verify it yourself
Don’t take our word for any of this.
Every export ships the Ownership Audit — tooling your engineers run against the delivered code, scanning for vendor dependencies, calls to Nexgile domains, and license checks. It runs on your hardware, without trusting us. A sanitized sample of its output is available on request: the verdict is yours to read.
And because exports are byte-for-byte reproducible, the code that was audited is provably the code that is deployed.
Determinism gets the same treatment — demonstrated, not asserted. In any live session, ask us to replay the same input down the same governed path and watch it land on the same auditable output.
Runs on your hardware. The verdict is yours to read — and with byte-for-byte reproducible exports, the code you audited is provably the code you deployed.
Your auditors read what a worker will do before it does it.
Governance here isn’t a dashboard over a black box. It’s a set of artifacts you can read, diff, and keep.
The blueprint is the audit artifact
Every worker is a readable, versioned blueprint — its agents and roles, integrations, human-approval gates, routing and decision rules — not buried in prompts and not trapped in a vendor’s runtime. One artifact serves three audiences at once: your engineers version and diff it like code, your governance team reads it before deployment, your auditors verify against it after.
Decision lineage, end to end
Every action lands on a tamper-evident audit trail with full decision lineage: which blueprint version ran, which compiled rule or live judgment fired, who approved what, and when. Routine decisions return the same auditable answer every run — and cannot be talked out of policy by a clever prompt.
The reviewer inbox is owned code
Human approval is generated into the worker itself — a complete reviewer inbox across Slack, Teams, email, SMS, and mobile, with dual sign-off for regulated work. All of it ships as code you own, not a dashboard you rent: your approval policy is enforced in the software, not in a setting on our servers.
How we handle the data you choose to share.
Rehearsal runs on synthetic data only — no production data in simulation, preview, or red-teaming, ever. Every preview, every red-team attack, and every replay happens on the Simulated Enterprise: a complete synthetic company.
Design-time inputs are different, and we treat them that way: if you choose to share documents, RPA definitions, or operational logs to ground your workers in your real volumes, you decide what to share, it’s used only to design your workers, and a data-processing agreement is in place before anything moves.
A description-based evaluation shares nothing at all.
What’s deterministic, what isn’t — and who decides.
Live AI judgment is probabilistic by nature.
That’s why your workers use as little of it as possible: every decision that doesn’t need live judgment is compiled into rules that return the same auditable answer every run — and you can replay them to check. Same input, same governed path, same auditable output.
Where judgment is genuinely needed, workers run under confidence thresholds you set: below the threshold, the case must route to a human — the worker cannot proceed alone.
Escalation isn’t a courtesy. It’s a control.
What your auditors can request.
Every artifact below is sanitized and shared on request — write to security@nexgile.com.
A sanitized blueprint excerpt
Rendered as a readable document — your governance team reads what a worker will do before it does it.
A sample evaluation report
Generated from a simulated run on the Simulated Enterprise — the artifact procurement will ask for.
A sanitized export in miniature
The repo tree, a real runbook page, and a test-and-coverage report from a simulated export — what “production-grade” means in practice.
A redacted security threat-assessment outline
What the security review delivered with a project covers — redacted to properties, never configurations.
The audit-trail specification
The events the tamper-evident audit trail records and the properties it guarantees.
The Ownership Audit’s sample output
A sanitized report from a completed run of the audit — the verdict is yours to read.
Your auditors can read what the worker will do before it does it.
Scoped on purpose. Kept on purpose.
One plain sentence each — scoped to what the platform proves, because a scoped pledge beats a falsifiable absolute.
- Rehearsal runs on synthetic data only — no production data in simulation, preview, or red-teaming.
- No vendor runtime. No per-decision billing. No calls home.
- Nothing stops working if you stop paying us.
Every number on this site comes with how we measured it. When we can’t measure something honestly yet, we don’t publish it.
The house rule covers other people’s numbers too: third-party statistics appear only quoted, attributed, and dated. Our delivery counts carry a method footnote and are re-verified before every publication. And figures that stop reproducing are retired sitewide — not quietly kept.
Reliability
Because you self-host the software we deliver, its availability is in your hands — on your infrastructure, under your SLAs. Our own platform is continuously monitored, with a defined incident-response process. A public status page for Nexgile services is on our roadmap.
Talk to the right team
- Security & disclosure: security@nexgile.com
- Privacy & data rights: privacy@nexgile.com
- Accessibility: accessibility@nexgile.com
You generate it. You preview it. You own it. You run it.
Bring your security, risk, and compliance teams. Every evaluation runs on the Simulated Enterprise, on synthetic data only — your security team can say yes on day one.