NEXT utilizes industry-standard practices concerning the encryption of data when stored and while in transmission. NEXT also have a documented encryption policy that outlines the requirements for encrypting data and transmissions.
Encryption at rest
All data, including backups, is encrypted at-rest using AES-256 encryption.
Encryption in transit
Data is encrypted while moving between us and the browser with Transport Level Security (TLS) 1.2.
Secure Sockets Layer
Secure Sockets Layer (SSL) certificates are issued and managed through Amazon Web Services, and HTTP Strict Transport Security (HSTS) is enabled. We score an A+ rating on Qualys SSL Labs tests.
Amazon Web Services (AWS) stores and manages data encryption keys in its redundant and globally distributed Key Management Service (KMS). AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys.