Compliance & Security

Our Commitment

At Nimbus, we understand that security and compliance are fundamental to building trust with our customers. We are committed to maintaining the highest standards of data protection, security practices, and regulatory compliance.

Nimbus is compliant with the General Data Protection Regulation (GDPR), which sets the standard for data protection and privacy in the European Union. Our compliance includes:

Data Protection by Design: Security and privacy considerations are integrated into all aspects of our platform development
Data Subject Rights: We support all GDPR data subject rights, including access, rectification, erasure, portability, and objection
Data Processing Agreements: We provide appropriate data processing agreements for our customers
Privacy by Default: Our default settings prioritize user privacy and data protection

Security Practices

While we are working toward formal SOC 2 certification, we maintain robust security practices aligned with SOC 2 standards:

Data Security

Encryption in transit and at rest
Regular security assessments and vulnerability testing
Access controls and authentication mechanisms
Secure data storage and backup procedures

Infrastructure Security

Secure cloud infrastructure with industry-leading providers
Network security and monitoring
Incident response procedures
Regular security audits and reviews

Operational Security

Employee security training and awareness programs
Secure development lifecycle practices
Change management and version control
Business continuity and disaster recovery planning

Ongoing Compliance Efforts

We are actively working toward formal SOC 2 Type I and Type II certifications. Our security and compliance program is continuously evolving to meet the highest industry standards and regulatory requirements.

Contact

For questions about our compliance and security practices, please contact us at admin@gonimbus.ai.