# Security ### How NLX handles security NLX protects your workspace and the applications you deploy by controlling access, reducing risk, and ensuring sensitive data is handled appropriately. These features and settings help you manage authentication, enforce workspace standards, and apply guardrails that keep conversations compliant and safe across environments. Security in NLX is supported through: * Access control (who can do what) * Data protection (what gets stored, logged, or redacted) * Runtime protections (input/output checks, abuse prevention) * Auditability (what changed, when, and by whom) #### Access control Use roles and permissions to ensure only approved users can edit flows, deploy builds, manage integrations, or change workspace settings. Common governance goals * Limit who can deploy to production * Restrict who can create/edit integrations (data requests, actions) * Allow read-only access for reviewers and stakeholders > Related: [Roles & permissions](/platform/nlx-platform-guide/governance/roles-and-permissions.md) #### Sensitive data handling NLX lets you reduce exposure of sensitive information by controlling what appears in logs and transcripts. Examples * Mark schema fields as *Sensitive* in integrations so values are redacted * Use *Guardrails* to detect and mask PII patterns (credit cards, IDs, emails) * Ensure production logs don’t store data your policies prohibit > Related: [Guardrails (Mask enforcement)](/platform/nlx-platform-guide/governance/guardrails.md), [Data requests (Sensitive fields)](/platform/nlx-platform-guide/integrations/types/data-requests.md#sensitive) #### Secure integrations and secrets Integrations are often the strongest boundary between your AI application and external systems. NLX supports security best practices through structured schemas and secrets management. Best practices * Store keys and tokens as *Secrets* and not as hardcoded headers * Separate Development vs Production endpoints where possible * Validate payloads with strict request/response schemas > Related: [Integrations](/platform/nlx-platform-guide/integrations/types/managed-integrations.md), [Data requests](/platform/nlx-platform-guide/integrations/types/data-requests.md), [Secrets](/platform/nlx-platform-guide/flows-and-building-blocks/advanced/secrets.md) #### Runtime protections Security also includes what happens while users are interacting with your AI app. NLX guardrails can evaluate and control messages at runtime before user inputs hit an NLP or LLM or before outputs reach users. Guardrails can enforce: * Prompt injection prevention and jailbreak detection (Input) * PII detection/masking (Input/Output) * Brand/legal compliance checks (Output) * Redirecting risky turns to escalation flows > Related: [Guardrails](/platform/nlx-platform-guide/governance/guardrails.md) #### Auditability and governance review For governance and compliance workflows, NLX provides visibility into workspace changes and activity. > Related: [Audit trail](/platform/nlx-platform-guide/governance/audit-trail.md), [Versioning](/platform/nlx-platform-guide/governance/versioning.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nlx.ai/platform/nlx-platform-guide/governance/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.