Security

Infrastructure

All our services are hosted in the cloud on AWS. We stand on the solid base they provide and follow their infrastructure recommendations and best practices.

We designed the infrastructure with layers of protection to ensure your data is secure while it is transmitted, stored or processed. Those layers include encryption, secure software development, least-privilege access, code reviews, continuous upgrades, identity management and automated testing.

Product security

All data uploaded to AeroCloud is stored in a secure file storage service provided by AWS (S3). Storage is private and encrypted; uploads are transmitted directly from your browser to the file storage service, and no other copy is stored elsewhere.

Your data will never leave our private AWS VPC when running wind simulations and it’s never exposed to other resources.

Payments are processed through Stripe, which is a certified PCI Service Provider Level 1. We don’t collect any sensitive credit card information, as card details never pass through our systems.

Operational Security

Our team continuously monitors the infrastructure through automated tools, and regularly through manual controls, to ensure no malicious activity is taking place.

Responsible disclosure

NablaFlow looks forward to working with the security community to find vulnerabilities in our applications and keep our customers and businesses safe. We accept disclosures only by email at the security@nablaflow.io address.

Please do not discuss any vulnerabilities until you receive our confirmation that they have been fixed. We will respond as quickly as possible.

Submission rules

  • When sending a report we kindly ask you to include a detailed description of your discovery with clear, concise and reproducible steps or a working proof of concept.
  • Please submit one vulnerability per report, unless you need to chain them to provide impact.
  • Social engineering (for example phishing, vishing, smishing) is prohibited.
  • Please avoid any privacy violation, interruption or degradation of our services, and any data destruction.
  • Only interact with data you own.