How Nyalma handles account, support, and security data.

What the portal stores

• account identity and membership details for customer access
• commercial records such as entitlements, orders, and release visibility
• support requests, replies, and customer-provided attachments
• audit and rate-limit signals used for security and troubleshooting

Why the data is used

• to sign users in and protect the portal with MFA and anti-abuse controls
• to issue licenses, notify customers, and expose the correct downloads
• to manage support conversations, status updates, and follow-up communication
• to investigate suspicious activity or recover from operational issues

What stays local to Cerberus

Cerberus remains an offline-first product. Running deployments do not need a live connection to Nyalma in order to validate already issued license materials.

• the portal is not a runtime SaaS control plane
• license verification happens inside the deployed product
• customers decide what diagnostics they share during support

Retention and access

Access to portal data should stay limited to the people operating the service and serving the customer.

• short-lived rate-limit signals are retained separately from durable audit events
• support attachments should be kept private and storage-backed, not public
• customer agreements can define stricter retention or handling requirements