Security & data handling — installed platform

What runs on your server, where the data goes, and how we handle credentials.

This page describes the installed N.T.J platform (Crewix, Flowly, Peekly, Wirely, Cloudzy, BlinkCalc, DevLoop, PopCart) that customers run on their own VPS. For security of the marketing website at ntjtech.com, see Security (marketing site).

1. Installation model

The platform is fully self-hosted. The customer owns the VPS and everything on it.

2. Data location

Customer data lives only on the customer's VPS. Nothing is streamed to N.T.J.

3. Encryption

In transit. All product interfaces are served over HTTPS using certificates from Let's Encrypt, renewed automatically. HSTS is enabled. TLS 1.2 or higher only.

At rest. Filesystem encryption is configurable at the VPS layer, which the customer controls. Hetzner offers full-disk encryption on request; most other reputable providers offer the same. We do not add a second application-layer encryption pass — the design assumption is that the disk is the encryption boundary.

Backups. Backup archives are encrypted with a customer-supplied passphrase using age or GPG symmetric encryption. The passphrase never leaves the customer's hands. If they lose it, we cannot recover the backup — this is by design.

4. Credentials and access

5. Sub-processors (installed platform)

For an installed platform, the sub-processor list is short and depends on where the customer chooses to run it.

If the customer chooses their own VPS provider (DigitalOcean, OVH, AWS Lightsail, on-premises, anything else), that provider is their sub-processor, not ours.

6. Backups and recovery

7. Updates and patch policy

8. Incident response

In the event of a personal data breach that affects a customer install we are aware of, we will notify the customer within 72 hours, in line with our Privacy Policy.

Customer support runs from contact@ntjtech.com with a one business day response target.

For critical incidents on a customer install, an agreed escalation contact is provided at contract signing.

9. What we do not offer (today)

To save your team time on the security questionnaire, here is what we do not currently have. If any of these are hard requirements for your organisation, please tell us early.

None of these are permanent choices — they reflect where we honestly are today. We would rather tell you now than in an audit response.

10. Contact for security questions

Please email contact@ntjtech.com with the subject line "Security review" for faster routing. We are happy to answer follow-up questionnaires and to talk directly with your IT or security team.


Last reviewed 11 July 2026. We will update this page when the platform's architecture or practices change.