Your security is our priority

We use Amazon Web Services (AWS) for our data center due to its reliability and security. Their security standards are unrivaled. Their services are designed for high-volume data center operations and have compliance with both ISO 27001 certification and Level 1 service provider under the PCI Data Security Standard, which protects your billing information.

AWS has multiple data centers dispersed in remote areas around the world. If a data center is down due to failure, a recovery data center can seamlessly continue service.

You can find more information on data center security at https://aws.amazon.com/security/.

Nulab continuously seeks to protect your data with the highest standards in the industry, which is why we've worked to achieve compliance with ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018.

You can view and download the Nulab ISO 27001 certificate here, the Nulab ISO 27017 certificate here, and the Nulab ISO 27018 certificate here.

We have strict policies about who can access our servers. Only operational team members can access Nulab servers from our environment firewall on AWS. Those team members can only access the servers during authorized routine checks and approved investigations into user feedback, such as bugs. Nulab users have ZERO access to our servers directly.

Nulab has two countermeasures in case of server failure, human error, etc.

First, our database server continuously forwards and copies data to another server in real-time. Consequently, if the database server fails for any reason, we can resume software usage with the cloned data.

Second, we perform regular backups. Once a day, we complete a full backup of Backlog, Typetalk data, and Cacoo data. We can roll back to those backups if we lose messages due to an operational mistake.

We have robust systems in place to protect against application vulnerability and prevent malicious third parties from accessing your data.

All connections to Nulab software on the web and mobile devices are encrypted by SSL and sent using HTTPS. We use encrypted connection via TLS 1.2 for HTTPS. All passwords are encrypted.

Each day we ensure that our software meets and exceeds the expectations of collaborative tools for business. We perform server monitoring, troubleshooting, and planned updates. We are always taking action to improve our applications and your experience.

We monitor server reports 24/7. Our monitoring system notifies our operational team of system abnormalities, and that team follows up immediately.

We have a set of procedures in place in the event of a vulnerability. We notify all users immediately following any security concerns—you’ll always know what we know.

Please send reports directly using our contact form if you notice a security vulnerability.

For comprehensive details on our security procedures, please refer to the most recent edition of our official security whitepaper