We take your privacy and the security of your data very seriously, and continuously strive to maintain the highest ethical and professional standards at all times. Accordingly, we have implemented numerous security policies and practices which are designed to protect your data and our infrastructure.
Our engineering team is experienced with developing and maintaining large-scale software applications. With engineers located across different time zones, a member of the engineering team is available at most hours of the day to respond to any security issues or outages in a timely manner.
Nolt hosts applications and customer data on a collection of systems operated by Heroku and Amazon Web Services (AWS). Data sits behind a secure firewall (VPC) that blocks access from everywhere except designated servers on designated ports within the same AWS VPC.
All user data is encrypted in transit with TLS (minimum TLS 1.2 or later) and at rest with industry standard AES-256.
Customer data is continuously backed up on-site and off-site daily (encrypted and stored in object storage in a different geographic region).
Our data storage layer is never publicly accessible. All incoming requests on public endpoints are routed to servers on specific (whitelisted) ports and screened by our authentication layer before being processed by our application (we use a microservices architecture).
We encourage security researchers to test our software and receive rewards for uncovering vulnerabilities. We evaluate bug submissions on a case-by-case basis and determine payouts based on the severity of the security issue. Please report vulnerabilities to security@nolt.io.
Please reach out to hello@nolt.io with any additional questions or concerns regarding Nolt's security policy.
Bug Bounty Program
Get rewarded for responsible disclosure of security vulnerabilities.