Nova for Enterprise

The AI coding workspace
your security team will sign off on.

SSO, SCIM, per-tenant RLS, BYOK, immutable audit, VPC deployment and a 99.9% SLA. Nova is what enterprise teams reach for when Cursor and Claude for Work can't clear procurement.

Talk to salesRead the security brief

Typical response in under one business hour.

saml-okta.yml
0.0%
Uptime SLA
0h
P1 response
0yr
Audit retention
0+
Countries supported

Engineering teams shipping on Nova

NORTHWIND
ATLAS
HELIX
PARALLEL
OBSIDIAN
MERIDIAN

Everything procurement asks for

Eight controls, one platform. No bolt-ons, no surprise paywalls, no per-feature pricing.

Enterprise SSO

OIDC + SAML 2.0 with Okta, Azure AD, Google Workspace and Auth0. SCIM provisioning, MFA enforcement and just-in-time roles.

Per-tenant RLS

Every row in Postgres is tenant-scoped with row-level security. Your data is mathematically isolated from every other customer.

Bring your own keys

Pin DeepSeek, OpenAI, Anthropic or Azure OpenAI keys. Inference traffic stays in your provider account — we never see the tokens.

Immutable audit log

Every privileged action is signed and chained. Export to CSV/JSON or stream into Splunk and Datadog. Up to 7-year retention.

VPC deployment

Self-hosted in your AWS, GCP or Azure VPC. Terraform module, private networking, customer-managed KMS keys.

Cost guardrails

Per-project token budgets, model allow-lists and weekly spend alerts to Slack. Stop the surprise bill before it happens.

Approvals & policy

Require human approval before production deploys, schema changes or outbound webhooks. Policies as code.

Dedicated support

Named CSM, shared Slack channel, 4-hour P1 response and quarterly architecture reviews.

How Nova compares

Side-by-side with the two tools your team is probably already paying for.

CapabilityNova EnterpriseCursor BusinessClaude for Work
Per-tenant database isolation (RLS)LimitedLimited
SAML 2.0 SSO + SCIM provisioning
Bring your own LLM keys (BYOK)
Self-hosted VPC deployment
Immutable, signed audit log w/ exportBasicBasic
Cost guardrails + per-project budgets
Per-deploy human approvals
99.9% uptime SLA with credits
Quarterly architecture reviews

Pick your deployment shape

From a shared multi-tenant pilot to a fully self-hosted VPC in 30 days.

Shared SaaS

Default. Multi-tenant on our hardened Supabase + Vercel stack. Tenant-isolated by RLS. Best for fast pilots.

Dedicated SaaS

Your own Supabase project + Vercel deployment, managed by us. Single-tenant database, custom subdomain, regional residency.

Self-hosted VPC

Deploy Nova into your AWS / GCP / Azure VPC. Terraform module, customer-managed KMS, zero outbound to our infra.

Architecture, end to end

Nova's data-plane is auditable, isolated and replaceable.

Identity
OIDC · SAML · SCIM · MFA
Data
Postgres RLS · AES-256 · TLS 1.2+
Inference
BYOK · DeepSeek · OpenAI · Anthropic
Delivery
GitHub PRs · approvals · audit

Compliance & legal

No fluff. Here's exactly where we are.

GDPR + CCPA
Compliant today
SOC 2 Type 1
In progress · Q3 2026
SOC 2 Type 2
Roadmap · Q1 2027
ISO 27001
Roadmap
HIPAA
Available on request
DPA + MSA
Signable in 1–2 weeks
SecurityPrivacyDPAMSAStatus

Let's talk.

Tell us about your team and security requirements. A senior solutions engineer — not an SDR — will reply within one business hour with a tailored architecture proposal and pricing.

  • Architecture call within 24h
  • Custom security questionnaire returned in 5 business days
  • 30-day pilot with named CSM
  • Procurement in 1–2 weeks

Talk to the Nova enterprise team

Tell us about your team. We'll respond within one business hour.

By submitting you agree to be contacted by the Vxera team. We never share your data.

Frequently asked

Is Nova SOC 2 certified?+

Nova is GDPR and CCPA compliant today and operates against the SOC 2 controls. SOC 2 Type 1 attestation is in progress (Q3 2026), Type 2 follows Q1 2027. We'll share our current security questionnaire and pen-test summary under NDA.

Do you train models on our prompts or code?+

No. Customer prompts, code, generated outputs and call recordings are never used to train any model. This is contractually guaranteed in our DPA.

How does multi-tenancy work?+

Every Postgres row carries a tenant_id and is protected by row-level security policies enforced by the database itself. The application layer cannot bypass tenant isolation even if a bug tried to.

Can we use our own API keys?+

Yes. On Enterprise you can bring your own DeepSeek, OpenAI, Anthropic or Azure OpenAI keys. Inference egress stays inside your provider account and we never persist the raw keys.

What does procurement look like?+

Standard MSA + DPA, signable in 1–2 weeks. Security questionnaires returned within 5 business days. We support custom paper for purchase orders over $50k ARR.

Where is data stored?+

Primary region is AWS US-East via Supabase. EU and regional residency available on Enterprise. Data at rest is AES-256 encrypted, data in transit uses TLS 1.2+.

Ready when your security team is.

Send your questionnaire. We'll return it signed in five business days and have your pilot live in thirty.

Start the conversation