Our Policies

Security Policy

1.0 Introduction

As a company that takes data security and privacy very seriously, we recognize that CloudNimble’s information security practices are important to you. While we don’t like to expose too much detail around our practices (as it can empower the very people we are protecting ourselves against), we have provided some general information below to give you confidence in how we secure the data entrusted to us.

2.0 Data Center Security
  • CloudNimble's applications and platforms, including the BurnRate Service, are built on Microsoft technologies and deployed through Microsoft's Azure data centers in the United States.
  • We have flexibility through the Azure platform to store data in other regions, should our client have a specific request. Our data centers manage physical security 24/7 with biometric scanners.
  • We maintain data encryption at rest, advanced data filtration at the API level, and all of our APIs require token-based security.
  • CloudNimble cannot physically access the Azure data centers. Access is strictly limited to authorized personnel. You can read more about Microsoft data center policies here.
  • Microsoft Azure has over 90 compliance certifications worldwide. You can read more about them here.
3.0 Protection from Data Loss or Corruption
  • Our databases are maintained on the Microsoft Azure platform and are designed for disaster recovery and automatic failover.
  • Account data is backed up at regular intervals throughout the day to multiple off-site locations.
4.0 Application Level Security
  • Our login systems leverage third-party services that validate users independently. As such, CloudNimble does not store customer usernames or passwords of any kind.
  • All application communication is encrypted over SSL/TLS 1.2 channels.
  • Login pages for CloudNimble services have brute-force protection, though this is the responsibility of the third parties we leverage.
  • We perform regular external security penetration tests throughout the year using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
5.0 Internal Protocol and Education
  • We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
  • Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment.
  • All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
  • All employees receive data privacy training.
  • To protect our company from a variety of losses, CloudNimble has established a comprehensive insurance program. Coverage includes, but is not limited to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.
6.0 Responsible Disclosure

If you’ve discovered a vulnerability in any CloudNimble service, please don’t share it publicly. Instead, please submit a report to us at security@nimbleapps.cloud. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues. Every day, new security issues and attack vectors are created. CloudNimble strives to stay on top of the latest security developments both internally and by working with external security researchers and companies. We appreciate the community’s efforts in creating a more secure web.

If you believe your account has been compromised or you are seeing suspicious activity on your account, please email help@nimbleapps.cloud.
