Security is foundational to a platform built on business data. Here is how we protect your information.
We design Nrvole with security as a default, not an afterthought. Our practices follow widely recognised industry security standards and are reviewed continuously rather than once a year.
The platform runs on reputable cloud infrastructure in the UK and EU, with isolated environments for development, testing and production. Infrastructure is provisioned as code so changes are reviewed, versioned and auditable.
Data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Backups are encrypted and tested regularly. Secrets and keys are stored in a managed key-management service, never in source code.
Access to production systems follows the principle of least privilege. Staff access requires multi-factor authentication, is granted by role, and is reviewed periodically. Passwords for user accounts are stored only as salted hashes.
We log and monitor platform activity for anomalies and maintain an incident-response process so that, in the unlikely event of a security incident, we can contain it quickly and notify affected users and regulators as required by law.
We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@nrvole.com with details so we can investigate. We ask that you give us reasonable time to remediate before any public disclosure, and that you avoid accessing or modifying other users’ data.
Start with a free account and see how Nrvole keeps your research secure.