Trust & Security

How NeuralConfig protects your data

NeuralConfig runs entirely on Cloudflare's global edge network. No origin servers, no third-party hops, no data leaving a certified infrastructure provider. Here's how it works.

Cloudflare-native from the ground up

NeuralConfig doesn't bolt Cloudflare onto existing infrastructure. Every service — compute, storage, DNS, CDN, and security — runs natively on Cloudflare's global edge network across 300+ cities worldwide.

Edge compute, no origin servers
Application logic runs on Cloudflare Pages and Workers at the edge. There are no traditional servers, VMs, or containers to patch, expose, or attack.
Automatic DDoS mitigation
Every request is protected by Cloudflare's DDoS mitigation. Volumetric, protocol, and application-layer attacks are absorbed before they reach application code.
Web Application Firewall
Cloudflare WAF inspects all traffic and blocks known attack patterns, zero-day exploits, and malicious payloads at the edge.
No third-party hops
DNS resolution, TLS termination, compute, and storage all happen within Cloudflare's network. Traffic never routes through external providers.

Encrypted everywhere, stored nowhere else

All data is encrypted in transit and at rest. Every storage layer runs within Cloudflare's infrastructure with built-in encryption — your data never leaves their network for processing.

TLS 1.3 in transit
All connections use TLS 1.3 by default. Older TLS versions are disabled. Certificate management is automatic.
Database encryption
Cloudflare D1 provides built-in encryption at rest for all relational data, running entirely within Cloudflare's infrastructure.
Distributed key-value storage
Cloudflare KV distributes cached data globally with encryption at rest across every edge location.
Object storage
Cloudflare R2 stores objects with server-side encryption. No egress fees incentivize keeping data within the network.

Zero Trust authentication at every layer

NeuralConfig never stores passwords. Authentication is delegated to identity providers or handled through short-lived magic links. Administrative access is enforced by Cloudflare Zero Trust before requests reach application code.

Delegated identity
Authentication is handled by identity providers (IdP). NeuralConfig verifies identity tokens but never stores or processes credentials.
Passwordless magic links
Email-based authentication uses short-lived, single-use tokens. No passwords to leak, phish, or brute-force.
Cloudflare Zero Trust
Administrative and internal routes are protected by Cloudflare Access. Identity verification and policy enforcement happen at the edge, before traffic ever reaches the application.
Short-lived sessions
Session tokens are cryptographically signed with short expiration windows. Device posture and session controls are enforced by Zero Trust policies.

Built on certified infrastructure

NeuralConfig builds exclusively on Cloudflare's infrastructure. Cloudflare maintains the following third-party certifications and attestations:

  • SOC 2 Type II
  • ISO 27001
  • PCI DSS Level 1
  • FedRAMP Moderate

These certifications belong to Cloudflare, NeuralConfig's infrastructure provider. For details, see Cloudflare's Trust Hub.

CISSP-certified leadership
NeuralConfig's technical leadership holds the Certified Information Systems Security Professional (CISSP) credential, informing architecture, risk assessment, and operational security decisions.
A2P-compliant messaging
SMS practices meet Application-to-Person (A2P) compliance requirements with documented opt-in, opt-out, and disclosure mechanisms. See our Terms of Service and Privacy Policy.

Respectful by default

NeuralConfig collects only what is necessary to deliver services. We don't monetize user data, run advertising networks, or share personal information with third parties for marketing.

Privacy-respecting analytics
Website analytics are powered by GoatCounter — no cookies, no personal data collection, no cross-site tracking. It's the only external script on public pages.
No advertising or tracking
No ad networks, tracking pixels, retargeting scripts, or third-party analytics platforms. No data is sold or shared for marketing purposes.
Minimal data collection
NeuralConfig collects account information (email, name), usage data necessary for service delivery, and phone numbers only when explicitly provided for voice or SMS services. Full details are in our Privacy Policy.

Small surface area, strong defaults

Security decisions start with reducing attack surface. NeuralConfig's architecture minimizes external dependencies, eliminates server management, and enforces security policies at the edge.

Minimal external dependencies
Public pages load a single external script (GoatCounter for analytics). No client-side frameworks, heavy JavaScript bundles, or third-party widget scripts that expand attack surface.
Edge-enforced rate limiting
API endpoints are validated and rate-limited at the Cloudflare edge, stopping abuse before it reaches application logic.
Security headers
Content Security Policy, Strict-Transport-Security, X-Content-Type-Options, and other security headers are enforced on all responses via Cloudflare configuration.
CISSP-informed development
Architecture and code review decisions are guided by CISSP domains including security engineering, software development security, and risk management.

Secure, transactional, and transparent

Voice and SMS capabilities are powered by Twilio's enterprise communications platform. All communications are strictly transactional — NeuralConfig never sends marketing messages.

  • All voice calls are encrypted in transit via Twilio's infrastructure
  • SMS messages are limited to transactional use: appointment confirmations, reminders, verification codes, and service notifications
  • Opt-in is required before any SMS is sent — via verbal consent on a call or explicit checkbox in web applications
  • Opt-out is available at any time by replying STOP to any message
  • Phone numbers are never sold, shared, or used for third-party marketing

See our Terms of Service, Privacy Policy, and the StrandCalls privacy addendum.

Monitored, documented, reachable

NeuralConfig maintains automated health monitoring across all services with defined response procedures for incidents.

Automated health checks
All services are monitored with automated health checks. Degradation is detected and alerted on before users notice.
Defined response procedures
Security incidents follow documented response procedures including identification, containment, remediation, and communication.
Contact
To report a security concern, contact security@neuralconfig.com. For general support, reach us at support@neuralconfig.com.

Questions about security?

We're happy to discuss our security practices in detail.
