🌐 Network Protection and Architecture
1. Purpose
This document describes Nemu Inc.’s use of network security controls, including firewalls, routing, and secure connectivity for services.
2. CSP-Managed Network Security
As a cloud-native organization, Nemu Inc. relies heavily on network controls managed by its cloud service providers (CSPs):
- Supabase:
  - Provides secure endpoints for Postgres and storage over TLS.
  - Uses cloud provider security groups, firewalls, and network isolation.
- Render:
  - Manages network routing, TLS termination, and isolation between services.
- Google Workspace:
  - Uses Google’s global network infrastructure and secure access methods.
3. Application-Level Network Protections
- All public-facing endpoints are exposed over HTTPS only.
- Sensitive internal services and administration consoles are protected by authentication and access controls.
- API endpoints validate authentication tokens or session data before processing requests.
4. Network Diagram
A high-level network/data flow diagram (maintained internally) generally includes:
- Users accessing web and mobile clients.
- Clients communicating with Next.js/Node.js services hosted on Render.
- Applications connecting securely to Supabase using TLS-encrypted connections.
- Administrative access to Supabase and Render via authenticated web consoles.
5. Audit Evidence
- High-level architecture and data flow diagrams.
- Screenshots of HTTPS and TLS configurations.
- CSP security documentation regarding network protections.
6. SIG Questionnaire Responses
6.1 Network Security Program
Nemu Inc. maintains a defined Network Security Program that outlines required security controls, use of cloud‑service–provider (CSP) managed protections, secure configuration requirements, and access control expectations.
This policy is reviewed at least annually by the engineering leadership team and communicated to all relevant personnel. As a cloud‑native organization using Render (SOC 2–aligned) and Supabase, our program leverages CSP‑managed security baselines and enforces company-wide network protection standards.
6.2 External Network Termination
All connections to external networks—including the public internet and any partner integrations—are terminated at CSP‑managed firewalls.
Render provides firewalling, network segmentation, WAF services, and TLS termination for all deployed services. Supabase also provides firewall‑protected managed Postgres and object storage endpoints.
6.3 People Risk Protocols
Nemu Inc. enforces strict access control, acceptable‑use rules, security training, and monitoring to mitigate people‑related risks.
All internal personnel and contractors must adhere to system usage procedures, and violations trigger investigation, correction, and access review workflows.
6.4 Network Device Patching
As Nemu operates on SOC 2–compliant CSP platforms, all underlying network devices (firewalls, routers, switches, hypervisors) are patched and maintained by Render, Supabase, and Google Cloud.
Nemu ensures application‑level patching through active dependency management, CI workflows, and vulnerability scanning.
6.5 Intrusion Detection / Prevention
Render provides managed WAF/IP filtering and network‑level threat detection capabilities. Additionally, Nemu employs application‑layer logging, anomaly detection, rate limiting, and abuse monitoring to supplement CSP‑level intrusion detection.
6.6 DMZ Environment
Nemu does not manage its own physical or virtual DMZ. All externally exposed workloads run within Render’s managed, segmented, SOC 2–compliant environment. Security boundaries, routing, TLS termination, and network segmentation are handled by the CSPs.
6.7 Network Device Standards & Baselines
Since all network devices are managed by CSPs, baseline security configurations, strong authentication, firewall rules, patching, network segmentation, and access controls are maintained by Render and Supabase according to SOC 2 requirements. Nemu enforces access control, MFA, secure credential management, and least‑privilege principles for all administrative access to cloud consoles.
7. Compliance Mapping
- SOC 2: CC6.6, CC7.1
- ISO 27001:2013: A.13.1, A.13.2
Contact: support@mynemu.com
© 2025 Nemu Inc. All rights reserved.