// TRUST & SAFETY · SECURITY PRACTICES · DISCLOSURE

Security

Our commitment to protecting your data and our infrastructure

🔒 HTTPS Enforced — All traffic to bjnexora-solutions.com is encrypted in transit via TLS 1.2+

Security & Reputation Status

Last verified: May 26, 2026 — all systems nominal

Fortinet FortiGuard Category: Information Technology (reclassified May 26, 2026)
Google Safe Browsing No malicious content detected
VirusTotal No malicious detections
SSL Labs A+ TLS configuration
Email Authentication SPF, DKIM, and DMARC configured
HTTPS Enforcement Enforced across all production services

Our Security Posture

Security is foundational to what we do. BJNexora Solutions builds tools used by federal agencies and enterprises where reliability and data protection are non-negotiable. We apply the same standards to our own infrastructure that we recommend to our clients.

Website Security

The bjnexora-solutions.com website is secured with the following controls:

  • HTTPS / TLS — All connections are encrypted. HTTP requests are automatically redirected to HTTPS.
  • Security headers — We enforce X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Protection, and a strict Referrer-Policy on all responses.
  • Permissions Policy — Camera, microphone, and geolocation access are disabled by policy.
  • No inline credentials — No API keys, secrets, or tokens are embedded in any client-side code.
  • Content minimization — The site serves only static HTML, CSS, and images. No server-side session state is maintained.

Data Handling

Contact form submissions and trial license requests are processed via Google Firebase Cloud Functions (Google Cloud Platform, US region). We apply the following data protection practices:

  • Data is transmitted only over encrypted channels (HTTPS)
  • Form submissions are not logged to browser-accessible storage
  • Personal data collected is limited to what is necessary to respond to your inquiry
  • We do not store payment card data — no payment processing occurs on this site
  • We do not collect or process classified, controlled unclassified (CUI), or personally identifiable government information through this website

NexoLoad Software Security

NexoLoad binaries are distributed directly from our Netlify-hosted CDN over HTTPS. Software integrity guidance:

  • Always download NexoLoad from bjnexora-solutions.com/downloads/ — do not use third-party mirrors
  • Verify binary checksums when provided in your license delivery email
  • NexoLoad does not phone home, send telemetry, or transmit test data to BJNexora servers unless explicitly configured
  • License keys are validated locally or against our Firebase endpoint over HTTPS

Federal and Compliance Considerations

For federal deployments, we understand that NexoLoad may be used within environments subject to FISMA, NIST 800-53, and agency-specific security frameworks. We support customers in their ATO (Authority to Operate) process by providing:

  • Software Architecture and Data Flow documentation upon request
  • No persistent outbound network connections during load test execution (Lite mode)
  • Air-gapped deployment support for classified or restricted environments

Contact us at contacts@bjnexora-solutions.com for security documentation requests.

Responsible Disclosure

We take vulnerability reports seriously. If you believe you have discovered a security issue in our website, software, or infrastructure, please report it responsibly.

Security Contact

Email: contacts@bjnexora-solutions.com

Subject line: [SECURITY] followed by a brief description

We will acknowledge your report within 3 business days and provide a resolution timeline. We ask that you not publicly disclose vulnerabilities until we have had reasonable time to address them.

Scope

In-scope for responsible disclosure:

  • bjnexora-solutions.com and all subdomains
  • NexoLoad binary — license validation, CLI behavior, output handling
  • Firebase Cloud Functions endpoints used for form/license processing

Out of scope: social engineering attacks, physical security, denial-of-service testing against our production infrastructure, and issues in third-party services (Google Analytics, Netlify, Firebase) that should be reported directly to those vendors.

Contact

For security-related questions or to report an issue: