Our customers entrust us with their personal and financial information and we take that role seriously. That’s why security is one of the first things we think about when designing our products, policies, and practices.
Our information security program is designed to exceed industry standards and we use many different controls to keep data safe. As part of our commitment to security, we’re SOC 2 audited and undergo regular penetration tests, initiated both by us and by our customers.
We understand that protecting our infrastructure starts with our people. All of our employees undergo mandatory background checks and security training to protect against social engineering attacks. In addition, access to sensitive infrastructure is audited and limited to the smallest subset of the organization that absolutely requires it.
Nova's services are guarded by an identity and access reverse proxy that authenticates and authorizes all incoming HTTP requests. This ensures that every inbound request is inspected and routed to a valid internal destination.
Nova forces HTTPS for all services via TLS, including the public application and all publicly accessible services and APIs. We additionally use HSTS to ensure that browsers interact with Nova only over HTTPS.
We use AES256 to encrypt data at rest. This protects data stored within Nova’s infrastructure from any system compromise or data exfiltration attempt.
We use TLS to encrypt data in transit. This means endpoints are authenticated, data is encrypted before transmission, and information is verified on arrival. This protects data as it moves between publicly accessible systems and our internal infrastructure in situations where third parties are attempting to intercept communications.
We use Confidential Computing to encrypt data in use. We leverage security technology offered by modern CPUs (e.g. the Secure Encrypted Virtualization extension) together with confidential computing cloud services to encrypt the memory contents of VMs in use and ensure data is private and encrypted even while being used.