01, Operational posture
We aim for the smallest defensible attack surface that supports the workflow. Today that means a statically rendered marketing site and a waitlist endpoint that writes to a managed audience service, with no first-party authentication system, no broker integrations, and no client portfolios.
- Narrow surface. No first-party login. No order routing. No portfolio data.
- Vetted vendors. Two sub-processors, both contractually bound, both well-known security operators.
- Minimal data. The only personal data we hold is what you submit to the waitlist.
- Plain communication. Incidents are explained in writing, not minimised in marketing copy.
02, Hosting and edge
The Neural Edge site is hosted on Vercel. Static assets are served from Vercel's global edge network. Server-side functions run in Vercel's serverless runtime within regions selected for latency and data-residency considerations. Vercel holds a SOC 2 Type II report and is ISO 27001 certified.
03, Data flow
The waitlist data flow is simple and visible end-to-end:
- You submit an email through the form on the site.
- The request lands in a serverless function on Vercel over TLS.
- The function validates, rate-limits, and forwards the email to Resend's audience API.
- Resend stores the email in the configured audience and sends transactional confirmations.
- No third-party analytics, tracking pixels, or advertising tags are loaded as part of this flow.
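A sketch of the validate, rate-limit, and forward steps above, as an added example that is not Neural Edge's code. The function names, the limits, and the injected `forward` callback (standing in for the server-side call to the audience API) are assumptions.

```javascript
// Added example; all names and limits here are hypothetical.
const WINDOW_MS = 60_000;   // assumed rate-limit window
const MAX_PER_WINDOW = 5;   // assumed per-IP budget within the window
// In-memory state is per function instance; a serverless deployment
// would need a shared store for the limit to hold across instances.
const hits = new Map();     // ip -> timestamps of recent accepted requests

// Conservative syntactic check. Rejects control characters and inner
// whitespace so the value cannot carry CR/LF into downstream requests.
function validateEmail(raw) {
  if (typeof raw !== 'string') return null;
  const email = raw.trim().toLowerCase();
  if (email.length === 0 || email.length > 254) return null;
  if (/[\x00-\x1f\x7f\s]/.test(email)) return null;
  return /^[^@]+@[^@]+\.[^@.]+$/.test(email) ? email : null;
}

// Sliding-window limiter: allow at most MAX_PER_WINDOW requests per IP
// in any WINDOW_MS interval.
function allowRequest(ip, now = Date.now()) {
  const recent = (hits.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  const allowed = recent.length < MAX_PER_WINDOW;
  if (allowed) recent.push(now);
  hits.set(ip, recent);
  return allowed;
}

// Validate, rate-limit, then forward, in the order the flow lists them.
// `forward` is an async callback supplied by the caller.
async function handleWaitlist({ ip, body }, forward, now = Date.now()) {
  const email = validateEmail(body && body.email);
  if (!email) return { status: 400 };
  if (!allowRequest(ip, now)) return { status: 429 };
  try {
    await forward(email);
    return { status: 202 };
  } catch {
    return { status: 502 };  // upstream error detail is not echoed back
  }
}
```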
04, Authentication
The site does not currently expose authenticated user surfaces. When the product opens for paid access, we will use established identity providers, enforce password-strength rules, support multi-factor authentication on customer accounts, and require MFA on all internal administrative accounts as a non-negotiable baseline.
05, Access control
Access to production systems is restricted to a small number of named engineers under role-based controls. Vendor consoles (Vercel, Resend, the domain registrar, and the source-code host) require multi-factor authentication. Access is reviewed at least quarterly. Access is revoked promptly on role change or departure.
06, Encryption in transit
All traffic to the Neural Edge site, including the waitlist endpoint, is served over HTTPS using modern TLS. HSTS is enabled. Where vendor APIs are called server-side, TLS is enforced and certificate validation is mandatory.
07, Encryption at rest
Personal data held by our sub-processors (waitlist emails at Resend, log data at Vercel) is encrypted at rest by those providers. We do not maintain a self-hosted database for personal data.
08, Logging and retention
We retain server logs for up to 30 days for debugging and security monitoring. Logs are scoped to operational metadata (request path, status code, user-agent, IP, timestamp); they do not contain authentication credentials, payment data, or broker credentials, because we do not collect those things. Waitlist email retention is described in the Privacy Policy.
09, Sub-processors
The current sub-processor list is short and stable:
- Vercel: hosting, edge delivery, serverless runtime, request logs.
- Resend: transactional email and waitlist audience management.
Cookies and local storage are minimal and limited to strictly necessary purposes. We will give reasonable advance notice before adding a new sub-processor that materially changes how personal data is processed.
10, Engineering practice
- Code review on changes to production branches.
- Dependency-vulnerability scanning on every merge.
- Secrets stored in a managed vault, never in source.
- Production deployment via a single, audited pipeline.
- Reproducible builds and deterministic configuration per environment.
11, Incident response
Confirmed incidents that affect personal data or service availability will be communicated to affected users by email without undue delay, with a clear description of what happened, what is known, what we are doing, and what (if anything) is required of you. Where applicable law sets a notification window, we will meet it.
12, Vulnerability disclosure
We welcome reports from security researchers acting in good faith. Email legal@neuraledge-hub.com with a description of the issue, steps to reproduce, and any proof-of-concept material. We commit to acknowledging your report within five working days. We do not pursue legal action against researchers who follow responsible-disclosure norms, avoid degradation of the Service, and avoid access to personal data beyond the minimum necessary to demonstrate the issue.
13, Compliance posture
Neural Edge is a pre-launch research-tooling company. We do not currently hold SOC 2, ISO 27001, or equivalent certifications under our own audit boundary. We rely on the certifications of our sub-processors for the controls they own (hosting, transactional email). As the product surface widens and customer obligations require, we expect to bring an independent audit boundary inside our perimeter; we will not claim certifications we do not hold.
14, Contact
Security questions and disclosure reports: legal@neuraledge-hub.com.