At Next For Decision (N4D), we take security seriously. Your strategy data is protected using industry-standard security measures.

1. Data Encryption

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
• Encryption at Rest: All data stored in our databases is encrypted using AES-256
• Encrypted Backups: All backups are also encrypted

2. Multi-Tenant Data Isolation

N4D uses a multi-tenant architecture where each company's data is completely isolated from others:

• Logical Separation: Each company has a unique tenant ID, ensuring data queries never cross boundaries
• Database Partitioning: Company data is partitioned at the database level
• Access Control: Users can only access data within their assigned company
• Audit Trails: All data access is logged and monitored

3. Authentication and Access Control

3.1 User Authentication

• Password Requirements: Minimum 8 characters
• Password Hashing: bcrypt with salt (industry best practice)
• Session Management: Secure, HttpOnly cookies with expiration
• Single Sign-On (SSO): Google SSO integration available for seamless authentication

3.2 Role-Based Access Control (RBAC)

N4D implements flexible, feature-level permissions through a role-based system:

Default Roles (Read-Only Templates)

New companies start with 5 pre-configured roles that serve as templates:

• CXO: Executive-level access - read Executive Summary, full read/write on strategies, tactics, and initiatives
• Manager: Management-level access - read/write on strategies, tactics, initiatives, and behavior guidelines
• Team Lead: Team-level access - read/write on tactics and initiatives
• Staff: Individual contributor - read-only access to initiatives and dashboard
• System Admin: IT administrator - Manager permissions + Settings write access

Custom Role Creation

Companies can create custom roles by copying existing roles and modifying permissions:

• Copy Role: Duplicate any default role and customize permissions
• Feature-Level Control: Set access for each feature independently (Executive Summary, Dashboard, Settings, Strategies, Tactics, Initiatives, etc.)
• Three Access Levels: None (no access), R (read-only), RW (read/write - includes create/update/delete)
• Granular Permissions: Configure access per feature, not just pre-defined role templates

Note: Default roles are read-only (locked) and cannot be edited directly. All customization is done through the Copy Role function.

4. Infrastructure Security

4.1 Cloud Hosting

N4D is hosted on Amazon Web Services (AWS):

• DDoS protection via AWS Shield
• Redundant infrastructure across multiple availability zones
• Web Application Firewall (WAF) for application-layer protection

4.2 Network Security

• Firewalls: Web Application Firewall (WAF) to block malicious traffic
• Monitoring: System alerts for suspicious activity

5. Application Security

5.1 Secure Development Practices

• Code Reviews: All code changes are peer-reviewed before deployment
• Static Analysis: Automated security scanning for vulnerabilities
• Dependency Management: Regular updates to patch known vulnerabilities
• Input Validation: All user inputs are sanitized to prevent injection attacks (SQL, XSS)

5.2 No AI or External Integrations

Unlike other platforms, N4D intentionally avoids:

• ❌ AI auto-prediction (to eliminate AI-related security risks)
• ❌ External API integrations (to prevent data leakage)
• ❌ Third-party data sync (to maintain data quality and security)

This design choice minimizes the attack surface and keeps your strategy data fully isolated.

6. Data Backup and Disaster Recovery

6.1 Automated Backups

• Frequency: Daily automated backups of all data via AWS RDS
• Retention: Backups retained for 30 days
• Encryption: All backups are encrypted at rest
• Redundancy: Backups stored in AWS S3 with multi-AZ redundancy within the same region
• Point-in-Time Recovery: Database can be restored to any point within the retention period

6.2 Disaster Recovery

• Multi-AZ Deployment: AWS RDS Multi-AZ configuration with automatic failover to standby instance in case of primary failure
• Failover Time: Automated failover typically completes within 1-2 minutes
• Backup Restoration: Database can be restored from backups in case of data corruption or accidental deletion
• AWS SLA: 99.95% monthly uptime guarantee for Multi-AZ deployments

7. Monitoring and Incident Response

7.1 System Monitoring

• Automated alerts for system issues and abnormal activity
• Performance monitoring to detect and prevent outages

7.2 Incident Response Plan

In the event of a security incident:

1. Detection: Automated alerts notify our security team immediately
2. Containment: Affected systems are isolated to prevent further damage
3. Investigation: Root cause analysis and forensic review
4. Notification: Affected customers are notified within 72 hours (as required by GDPR and CCPA)
5. Remediation: Vulnerabilities are patched and systems are restored
6. Post-Mortem: Incident report and preventive measures are documented

8. Compliance and Certifications

8.1 Current Compliance Status

• ✅ CCPA Compliant (California Consumer Privacy Act)
• ✅ GDPR Compliant (General Data Protection Regulation)

9. Third-Party Services

We use the following trusted third-party services:

• Cloud hosting: Amazon Web Services (AWS)
• Payment processing: Stripe (handles all payment data securely)
• Email delivery: AWS SES
• Authentication: Google SSO (OAuth) for seamless single sign-on

10. Customer Security Best Practices

You can help keep your account secure by:

• Using a strong, unique password (8+ characters)
• Regularly reviewing user access and removing inactive users
• Not sharing login credentials
• Logging out on shared devices

11. Data Deletion and Export

11.1 Data Export

You can export your data at any time in CSV format through your account settings.

11.2 Data Deletion

• Upon account cancellation, data is retained for 90 days (to allow for recovery)
• After 90 days, all data is permanently deleted from our systems and backups
• Immediate deletion is available upon request (contact support)

12. Contact Us

If you have security questions or concerns, please contact us:

• Email: support@n4decision.com
• Mail: 1021 E Lincolnway Suite #9885, Cheyenne, Wyoming 82001, United States

---

Security is an ongoing commitment. We regularly review and update our security practices to protect your data.