Engineered for Security

Data Encryption

We make sure your data is protected both while it’s moving and while it’s stored.

• Encryption in Transit: All communication between your application and our servers, and between our servers and our third-party AI providers, is encrypted using Transport Layer Security (TLS) 1.2 or higher.  
• Encryption at Rest: All data we store, including our temporary operational logs, is encrypted at rest using the AES-256 standard.  

Secure Infrastructure

• European Hosting: Our core infrastructure and databases are physically located in certified data centres in Germany. This ensures we stick to the strict European standards for data protection.
• Network Protection: We use firewalls, network segmentation, and DDoS mitigation to protect our platform from external threats.  

Access Control

• Principle of Least Privilege: Access to our production systems is strictly limited to authorised team members who need it to do their jobs, and nothing more.  
• Strong Authentication: We enforce multi-factor authentication (MFA) for all internal access to production systems.  
• Single Sign-On (SSO): Our Enterprise plans support SAML-based SSO, letting you manage access through your company’s identity provider (like Okta or Azure AD).  

Secure Development

Our engineering teams follow a secure development lifecycle, which includes mandatory code reviews, automated security scanning, and regular training on secure coding practices like the OWASP Top 10.  

Responsible Disclosure

If you believe you’ve found a security issue, please help us by reporting it to security(at)nomodo.ai. We truly value the security community’s help in keeping our platform safe.