Security
Built with security at its core.
We take the security of your data seriously. From encryption to compliance, here is how we protect your infrastructure and information at every layer.
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed through a dedicated key management service with automated rotation.
Infrastructure
Our infrastructure runs on SOC 2 Type II certified data centers. We employ network segmentation, firewalls, and intrusion detection systems to protect our perimeter.
Monitoring
We maintain continuous 24/7 monitoring across our entire stack. Security events are logged, analyzed, and acted upon in real time by our dedicated security team.
Access Control
We enforce the principle of least privilege across all systems. Multi-factor authentication is required for all internal access, and access is regularly reviewed and audited.
Compliance
Novacorp maintains compliance with SOC 2 Type II, GDPR, and CCPA. We undergo regular third-party audits and penetration tests to validate our security posture.
Incident Response
We maintain a documented incident response plan with defined escalation paths. In the event of a breach, affected customers are notified within 72 hours in accordance with applicable regulations.
Secure Development Lifecycle
Security is embedded throughout our development process. We conduct code reviews with a security focus, use automated vulnerability scanning in our CI/CD pipeline, and provide ongoing security training to all engineers.
Penetration Testing
We engage independent third-party security firms to conduct penetration tests at least annually. Findings are remediated according to their severity level, and our internal red team continuously tests our defenses.
Vendor Management
All third-party vendors with access to customer data are subject to a rigorous security assessment process. We maintain an up-to-date register of all sub-processors and regularly review their compliance posture.
Data Retention & Deletion
Customer data is retained only as long as necessary to provide the Services or as required by law. Upon account termination, customer data is deleted within 30 days from our production systems and within 90 days from backups.
Business Continuity
We maintain comprehensive backup and disaster recovery procedures with regular testing. Our infrastructure is designed for high availability with redundancy across multiple availability zones.
Responsible Disclosure
We operate a responsible disclosure program. If you discover a security vulnerability in our systems, please report it to security@novacorp.io. We commit to investigating all valid reports promptly and confidentially.
Found a vulnerability?
We take all security reports seriously. Report vulnerabilities responsibly and our team will investigate promptly.
