Infrastructure
Data Center security
Our IT infrastructure is 100% cloud-based, with data hosted by AWS data centers located in the EU. These data centers have the highest level of certifications, including ISO 27001 and SOC2. For more information on compliance, visit AWS Security and AWS Compliance.
Data encryption
All customer data is encrypted when in transit and at rest. All data is transferred securely using SSL/TLS 1.2+ protocols. At rest, data is encrypted using AWS disk encryption (AES256).
Data residency
All data is fully hosted and processed by servers based in the EU.
Reliability and uptime
We monitor service performance and have automatic notifications to ensure an immediate response for interruptions and outages. Check status.nibol.com for real-time and historical data on system performance
Third-party
Vulnerability testing
We address vulnerabilities in Nibol's code and dependencies using automated tools and penetration tests.
Subprocessors
All subprocessors are based in the EU. For a full list contact us.
Collaborators
- Requirement for all the employees to sign a confidentiality agreement and to follow the internal policy.
- Background check on all candidates.
- Enforcement of device security policies globally through a centralized management tool with monitoring and remediation capabilities.
- Periodic security trainings are performed for all employees and the review our internal security policies is done quarterly.
- To separate development roles from consulting and validation, a RACI matrix framework is used to manage all tasks.
Privacy and compliance
Nibol is compliant with the General Data Protection Regulation (GDPR) and we are committed to providing features that may help customers comply with GDPR. For more information and to request a copy of our Data Processing Agreement (DPA), please write to [email protected]
Privacy policy
We have a strict privacy policy – we will never sell or share any customer data, nor will we contact your visitors or employees without explicit permission. We take measures to ensure customer data is kept secure and private, and we are continuously looking for ways to provide even greater protection.