Security and data handling

A factual posture for the public website.

These statements describe what is verifiable in NuclearDocs.com and its live deployment. They do not represent unverified product controls, certifications, or contractual commitments.

Current

Static-first public architecture

Next.js pages are designed for static rendering and delivery through Vercel. The public website has no application database, authenticated workspace, upload flow, or licensing analysis backend.

Current

Minimal website collection

No public form, scheduler, CRM, analytics, Speed Insights, advertising tracker, session replay, or browser-storage workflow is enabled by default in website code.

Current

Transport and browser protections

Vercel serves the site over HTTPS and supplies HSTS. Application headers restrict content sources, framing, MIME sniffing, referrer data, and access to selected browser capabilities.

Current

Public configuration only

Client-exposed environment values configure public URLs and feature switches. No secret is intended to be placed in a `NEXT_PUBLIC_` variable or in this repository.

Planned

Approved contact integration

A future provider must be approved with its fields, destination, disclosures, retention, failure behavior, and privacy terms documented before public data collection begins.

Not claimed

Certifications and product controls

No SOC 2, ISO 27001, FedRAMP, NIST, NRC compliance, encryption, backup, access-control, incident-response, or audit capability is represented here without separate verification.

A relevant next step

Discuss requirements that need verification.

Security, privacy, and data-handling requirements should be verified before they become contractual representations.