OTP Login
Every login is verified by a one-time password sent to your registered email.
bcrypt Hashing
Passwords are never stored in plain text — only bcrypt hashes are saved.
Session Tokens
Secure 24-hour session tokens with automatic timeout on inactivity.
Role-Based Access
Admin, Manager, and Sales roles restrict what each user can see and do.
Audit Logging
Every user action is logged with a timestamp for full accountability.
Encrypted Data
Data in transit is protected via HTTPS/TLS encryption at all times.
Responsible Disclosure
If you discover a security vulnerability in any Nexa system, please report it responsibly to info@nexasystems.co.za. We ask that you give us reasonable time to address the issue before any public disclosure. We do not take legal action against researchers who act in good faith.
Questions?
For security-related enquiries, reach us at info@nexasystems.co.za or visit our contact page.