Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nusomi.com/llms.txt

Use this file to discover all available pages before exploring further.

Nusomi is built around recording real work, which means the system handles whatever the operator sees on screen. The default posture is: capture nothing the operator can’t already see, never escape the customer’s trust boundary, log every access.

Trust boundaries

SurfaceWhere data lives
SaaSNusomi-managed VPC (us-east-1, eu-west-1, or ap-south-1, customer’s choice).
Self-hostedCustomer’s VPC. No data crosses to Nusomi.
Self-hosted customers do not transmit frames, events, metadata, or memory-graph state to Nusomi infrastructure. The license check is the only outbound call (and is offline-able for air-gapped installs).

Encryption

StateMechanism
In flightTLS 1.3 only. mTLS optional on self-hosted.
At rest (frames)Object-store-side AES-256 (S3 SSE-KMS / GCS CMEK / Azure customer-managed key).
At rest (Postgres)Volume encryption + per-row field encryption for sensitive metadata.
In SDK buffersAES-256-GCM with a per-session key.
Customer-managed keys (BYOK) are supported on the enterprise tier — you hold the KMS key, Nusomi never sees plaintext at rest.

Access control

  • SSO via SAML / OIDC for the dashboard. Defaults to your IdP’s auth policy.
  • Workspace roles: owner, admin, member, read-only.
  • API key scopes: read, write, admin, plus optional replay:live for live-sandbox replay.
  • Just-in-time replay access: replays of live-sandbox runs require a fresh per-replay token, optionally via your IdP.

Audit log

Every access is logged. The audit log is queryable via the API and exportable to your SIEM: 
GET /v1/audit?since=24h&actor=alex@nusomi.com
Each entry records: actor, action, resource, IP, user agent, request id, and result. Retained 18 months by default; longer on enterprise. Event types covered:
  • API key created / revoked / used
  • Session viewed / exported / deleted
  • Replay triggered (with sandbox)
  • Workspace member added / role changed / removed
  • Webhook subscribed / delivered / failed

PII handling

The capture layer sees what the operator sees, including PII. Three controls:
  1. Workspace-level masking patterns — see masking. Credit cards, SSNs, OAuth tokens, etc., redacted at capture time.
  2. Field-level redaction in the browser extension — right-click any field to mark it sensitive.
  3. Domain blocking — managed Chrome policy can prevent the extension from running on listed domains.
Masking is applied at capture, before frames or events leave the operator’s machine in self-hosted, and at the ingest edge in SaaS. Redacted regions are never persisted in any form.

Tenant isolation (SaaS)

  • Postgres: separate logical databases per workspace, row-level security on shared tables.
  • Object store: per-workspace prefix, IAM-scoped.
  • Redis: per-workspace key prefix.
  • Compute: shared workers, request-bound workspace context, no cross-tenant in-process state.

Vulnerability program

  • Pen tests: annually, by an external firm. Reports available under NDA from your AE.
  • Bug bounty: scoped program, reach out to security@nusomi.com for the brief.
  • Disclosure: 90-day responsible disclosure window.

Compliance

See compliance for the controls map.
StandardStatus
SOC 2 Type IIAnnual audit. Latest report under NDA.
ISO 27001Certified.
GDPRDPA available; EU data residency option.
HIPAABAA available on enterprise tier.
FedRAMP ModerateIn progress.

Incident response

24×7 on-call. Customer notification within four hours of incident classification. Status page at status.nusomi.com. Post-mortems within ten business days for customer-impacting incidents. For security disclosures, email security@nusomi.com (PGP key on the website footer).