Nova

Security & Trust

Security-first
by design.

Your compliance data deserves the highest level of protection. We build with security at the core, following industry best practices from day one.

Our Commitment

The standards we hold ourselves to.

As an AI-powered audit readiness platform, we hold ourselves to the highest security standards.

01

We practice what we preach

As an AI-powered audit readiness platform, we hold ourselves to the same standards we help our customers achieve. Security and compliance are foundational, not afterthoughts.

02

Transparency first

We're transparent about our security practices and certification journey. We don't claim certifications we don't hold, and we openly share our roadmap.

03

Continuous improvement

Security isn't a one-time achievement — it's an ongoing commitment. We continuously enhance our posture and stay ahead of emerging threats.

How We Protect You

Enterprise-grade protection.

The controls we operate, every day, to keep your sensitive compliance information secure.

End-to-end encryption

All data in transit uses TLS 1.3. Data at rest is encrypted using AES-256 — industry-standard encryption protecting your sensitive compliance information.

Enterprise cloud infrastructure

Hosted on AWS with enterprise-grade security controls, automatic backups, and 99.9% uptime SLA backed by AWS compliance programs.

Access control & authentication

Multi-factor authentication enforced for all users. Role-based access controls ensure users only access what they need.

Continuous monitoring

24/7 automated monitoring of our infrastructure for security events, anomalies, and potential threats with real-time alerting.

Secure data handling

Your compliance data is logically isolated per workspace. We follow data minimization principles and never sell or share your data.

Regular security audits

Internal security reviews, vulnerability assessments, and penetration testing to identify and remediate issues proactively.

Industry Best Practices

Built on recognised frameworks.

Security-first development

Secure coding practices, code reviews, and automated security scanning integrated into our development pipeline.

Network security

Web Application Firewall, DDoS protection, and network segmentation to protect against attacks.

Logging & audit trails

Comprehensive logging of all system activities and user actions for security analysis and compliance auditing.

Incident response

Documented incident response procedures with defined escalation paths and notification protocols.

Your Data, Your Control

You stay in the driver's seat.

  • You own your data

    Your compliance data belongs to you. We're just the custodians, following strict access controls.

  • Never sold or shared

    We never sell your data to third parties or use it for purposes other than providing our service.

  • Data portability

    Export your data anytime. If you choose to leave, you take everything with you.

  • Right to deletion

    Request deletion of your data at any time, and we will comply within 30 days.

Learn More

Begin

Security you can trust.

We're building Nova with the same security rigour we help our customers achieve.