Overview
At NablaFlow, security is a priority and is considered as part of every upgrade to our infrastructure. We take a security-by-design approach to protect your data, and our team makes continuous efforts so you can use AeroCloud and ArchiWind with confidence.
If you have any questions, please contact us at security@nablaflow.io.
Security
Infrastructure
All our services are hosted in the cloud on AWS. We stand on the solid base they provide and follow their infrastructure recommendations and best practices.
We designed the infrastructure with layers of protection to ensure your data is secure while transmitted, stored or processed. Those layers include encryption, secure software development, least privilege access, code reviews, continuous upgrades, identity management and automated testing.
Product Security
All data uploaded to AeroCloud is stored in a secure file storage service provided by AWS (S3). Storage is private and encrypted. Uploads are transmitted directly from your browser to the file storage service, and no other copy is stored elsewhere.
Your data will never leave our private AWS VPC when running wind simulations and it's never exposed to other resources.
Payments are processed through Stripe, which is a certified PCI Service Provider Level 1. We don't collect any sensitive information about credit cards as they never transit through our systems.
Operational Security
Our team continuously monitors the infrastructure through automated tools and regularly through manual controls, to ensure no malicious activity is performed.
Responsible disclosure
NablaFlow looks forward to working with the security community to find vulnerabilities in our applications, to keep our customers and businesses safe. We accept disclosures only through email at the security@nablaflow.io address.
Please do not discuss any vulnerabilities until you receive our confirmation that they have been fixed. We will respond as quickly as possible.
Submission rules
- When sending a report we kindly ask you to include a detailed description of your discovery with clear, concise and reproducible steps or a working proof of concept.
- Please submit one vulnerability per report, unless you need to chain them to provide impact.
- Social engineering (for example phishing, vishing, smishing) is prohibited.
- Please avoid any privacy violation, interruption or degradation of our services and data destruction.
- Only interact with data you own.
Reliability
At NablaFlow we make continuous efforts to create and improve the reliability of our platform. We strive to provide robust uptime guarantees so we can be available when you need us.
High availability and failover
NablaFlow leverages the highly durable storage infrastructure provided by AWS to keep your data safe and available. This means we provide 99.99% or more durability and availability over a given year.
We also have a comprehensive backup system in place, an extended alerting system to detect issues and a set of defined procedures to address disaster recovery.
Privacy
The General Data Protection Regulation (GDPR) is considered to be the most stringent global privacy standard. At NablaFlow we strictly follow the GDPR specifications when handling user data.
Please find our privacy policy at this link.