Features
Security and compliance
Environmental monitoring data often underpins audits, product batches and legal accountability. That is why we describe security in concrete terms: what is encrypted, what is logged, how long we keep data and what happens when you want it deleted.
Foundations
Six layers that are always on — regardless of plan or configuration.
Encrypted transmission (TLS)
All communication between the browser and the Nextriv cloud is encrypted with TLS. Measurement data and credentials never travel in plain text.
Data isolation between organisations
Each organisation (tenant) is separated using Row-Level Security enforced at the database level — not just in application code. One organisation's queries physically cannot reach another's data.
Two-factor authentication (2FA)
TOTP authentication compatible with popular apps (Google Authenticator, Authy and others), plus one-time backup codes in case you lose your phone.
Password policy and session control
Enforced password complexity rules, active session management and a one-click global logout from all devices.
Roles and permissions
Role-based access — from administrator to view-only user. Team invitations expire automatically after 7 days if not accepted.
Audit trail and security log
A record of user actions plus a separate security event log, retained for 5 years, exportable to CSV and PDF for audits.
A path to GxP and 21 CFR Part 11
Nextriv does not promise “one-click compliance” — no system can deliver that on its own. What we do provide are the technical building blocks regulated environments require, and that an auditor will want to see:
If you are preparing a system qualification in a GxP environment, contact us — we will provide the detailed technical information your documentation needs.
A 5-year audit trail
A chronological record of system activity, retained for 1,825 days, exportable to CSV/PDF.
Signed PDF reports
Reports receive a SHA-256 checksum, a QR code and a verification URL. Any recipient can confirm the document has not been altered after generation.
Compliance reports
Compliance sections in reports: measurements evaluated against defined thresholds, statistics and percentiles for the period under review.
Access and identity control
Roles with separated permissions, 2FA and a full login history in the security log — the foundation of data integrity requirements.
How a signed PDF report works
1. SHA-256 checksum
When a report is generated, the system computes its cryptographic checksum and stores it on the Nextriv side.
2. QR code and verification URL
The document carries a QR code and a unique URL pointing to a verification page.
3. Verifiable by anyone
The report's recipient — a customer, auditor or inspector — compares the document against the stored checksum. Any change to the file after generation is detected.
Data retention
Clearly defined retention periods — no asterisks, no fine print.
| Data type | FREE plan | PRO plan |
|---|---|---|
| Measurements (raw data) | 365 days | 1,825 days (5 years) |
| Reports | 30 days | 365 days |
| Notifications | 30 days | 90 days |
| Audit trail and security log | — | 5 years (1,825 days) |
Data older than 7 days is compressed (80–95% less storage) and remains fully available for analysis and reporting throughout the retention period.
GDPR and control over your data
Your organisation's data is not held hostage by the system. You stay in control at every stage — including when you decide to leave.
Deletion on request
GDPR-compliant data deletion mechanisms — including self-service removal of the entire organisation and its data, with no need to contact support.
Export in open formats
Measurements to XLSX/CSV, reports to PDF, the audit trail to CSV/PDF. No proprietary formats.
Hosting in the European Union
Measurement data and user accounts are processed on servers located in the EU.
Questions from your IT or quality team?
We answer in specifics — architecture, retention, audit trail, audit requirements.