How your data is encrypted

At rest

Meta and Google access tokens are encrypted with AES-256-GCM before being written to the database. The encryption key is held in environment configuration, separate from the database itself, so a database compromise alone doesn't yield usable tokens.

In flight

Every request to and from thenexusclub.org runs over TLS 1.3 with modern cipher suites. The platform is hosted on Vercel; database connections use TLS to Neon's serverless Postgres.