1. Current prototype boundary
StudyOps is a static, client-side prototype. It has no authentication, user accounts, database-backed storage, payment processing, saved server-side audit reports, or PHI workflow.
StudyOps is not a clinical system of record and should not be used as one.
2. Current safeguards
- HTTPS is expected to be provided through the hosting platform.
- Source code is version controlled.
- Lint and TypeScript checks are part of the development workflow.
- Application changes undergo repository review.
- Non-sensitive Visibility Audit drafts remain in browser localStorage.
- Production deployment is planned through a dedicated hosting platform.
These statements do not represent penetration testing, a formal audit certification, a guarantee of encryption at rest, or a mature formal incident-response program.
3. Your responsibilities
Do not enter PHI, patient data, passwords, credentials, API keys, secrets, or confidential sponsor documents.
Do not use StudyOps as a clinical system of record or as a repository for regulated or sensitive clinical information.
4. Shared responsibility
Nurenyx is responsible for its application code and configuration. Hosting and infrastructure providers operate their respective platform layers. Users are responsible for the information they choose to submit or retain in their browser.
Security is a shared responsibility, and no system can guarantee absolute security.
5. Responsible disclosure
Please report a suspected security issue privately to innovations@nurenyx.ai. Do not include sensitive information in your first message.
Provide a concise description and safe reproduction steps where possible. Nurenyx does not offer a public bug-bounty or reward promise at this time.
6. Planned controls
The following items are future work and are not represented as current capabilities:
- Authentication.
- Authorization.
- Organization and workspace isolation.
- Audit logging.
- Secrets management.
- Database security.
- Backup and recovery.
- Incident-response procedures.
- Formal privacy and security review.
- Role-based access control.
- Monitoring and alerting.
- Secure billing integration.
7. Security contact
For security questions or private reports, contact innovations@nurenyx.ai.