Azure logo
Data is stored on multi-tenant, encrypted, Microsoft Azure servers
Stripe
PCI Level 1 Compliance via Stripe
Auth0
Identity communication uses TLS with at least 128-bit AES encryption
IBM
Static and dynamic testing via IBM Application Security on Cloud

Introduction

We want our customers to sleep easy knowing that their data is safe and private. At Nectir, security is a fundamental part of our business. It’s core to our product development and a first priority in system protection and response. We believe that it’s only through complete transparency that trust is formed, and consistently enhancing our security that trust is maintained.

While reading about our security please also read our Privacy Policy and Customer Terms of Service.

Continuous security-health monitoring our entire environment - through Azure Security Centre

Data encryption in transit and at rest

SAML-based SSO - all network communication uses TLS with at least 128-bit AES encryption

Data is served 100% over https

Regular assessment via IBM Application Security on Cloud

256 Bit Wildcard Secure Sockets Layer (SSL)

Infrastructure Security

Nectir defines its network boundaries using a combination of load balancers, firewalls, and data environments. We use these to control which services we expose to the Internet and to segment our production work from the rest of our computing infrastructure. We limit who has access to our production infrastructure based on business need and strongly authenticate that access.

  • The entire Nectir service is delivered via the cloud. We do not store any client information on local physical servers.
  • Nectir uses Microsoft Azure to host our services, store data and backup data.
  • Customer data is stored in a multi-tenant database that is designed to segregate and restrict Customer Data access based on business needs. The architecture provides an effective logical data separation for different customers via a customer-specific unique identifier and allows the use of customer and user role based access privileges.
  • We test for potential vulnerabilities such as application vulnerabilities as well as following Microsoft’s Azure security guidelines as detailed here

For more information on our Security Infrastructure please contact us.

Introduction

Nectir uses an event-sourced application architecture. We record events that have occurred within the system and present this easily as an activity overview.

Authentication

Nectir uses administrator triggered invitations to authorise user access. Only validated users who have been invited are able to gain access to an account. The user identity is validated in two ways:

  • By validating email addresses and/or;
  • By validating against an integrated identity federation provider.

Nectir promotes integration with the Customer’s primary authentication service, but it is not required.

If the Customer’s user credentials are stored by Nectir, they will be stored using industry standard cryptographic hashes and hash salting.

For more information on Authorisation Security please contact us.

Access and Permissions

  • Accounts are provisioned by the Customer  through a sign-up process. The Customer automatically becomes the administrator user.
  • The administrator user grant normal users access via invitation described in the authentication section.
  • The administrator has sole administration rights and controls until they provide user or group-specific permissions.
  • Only users assigned with System Permissions have administrator level right that allow for user management and permission assigning capability.
  • Administrators are able to suspend or terminate user access

For more information on our Access and Permissions  please contact us.

Acceptable Use of Nectir

We take fair, responsible usage seriously and have developed a code of use for acceptable and unacceptable conduct for our Service. If we believe that at any point there is a violation of this code we may suspend or terminate your access.

You must:

  • keep passwords and account information confidential and responsibly protected,
  • comply with your employer’s confidentiality, and IP agreements with you,
  • comply with all applicable laws and government regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies,
  • upload and disseminate only Customer Data to which Customer owns all required rights under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements) and do so only consistent with applicable law;
  • use commercially reasonable efforts to prevent unauthorised access to or use of the Services;
  • monitor and control all activity conducted through your account in connection with the Services;
  • promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your accounts or teams, including any loss, theft, or unauthorised disclosure or use of a username, password, or account; and
  • comply in all respects with all applicable terms of the third party applications, including any that Customer elects to integrate with the Services that you access or subscribe to in connection with the Services.

You must not:

  • permit any third party that is not an Authorised User to access or use a username or password for the Services;
  • share, transfer or otherwise provide access to an account designated for you to another person;
  • if you have been provided administrative rights that gives you access to assigning access rights to others, will not provide access to individuals outside of Customer’s direct fiduciary authority without Customer’s consent. For example you must not provide access to Customer’s account to individuals who are not employed by Customer without Customer’s consent.
  • use the Services to store or transmit any Customer Data that may infringe upon or misappropriate someone else’s trademark, copyright, or other intellectual property, or that may be unlawful;
  • upload to, or transmit from, the Services any data, file, software, or link that contains or redirects to a virus, Trojan horse, worm, or other harmful component or a technology that unlawfully accesses or downloads content or information stored within the Services or on the hardware of Nectir or any third party;
  • attempt to reverse engineer, decompile, hack, disable, interfere with, disassemble, modify, copy, translate, or disrupt the features, functionality, integrity, or performance of the Services (including any mechanism used to restrict or control the functionality of the Services), any third party use of the Services, or any third party data contained therein (except to the extent such restrictions are prohibited by applicable law);
  • attempt to gain unauthorised access to the Services or related systems or networks or to defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any software protection or monitoring mechanisms of the Services;
  • access the Services in order to build a similar or competitive product or service or copy any ideas, features, functions, or graphics of the Services;
  • use the Services in any manner that may harm minors or that interacts with or targets people under the age of thirteen;
  • impersonate any person or entity, including, but not limited to, an employee of ours, an “Administrator”, an “Owner”, or any other Authorised User, or falsely state or otherwise misrepresent your affiliation with a person, organization or entity;
  • access, search, or create accounts for the Services by any means other than our publicly supported interfaces (for example, “scraping” or creating accounts in bulk);
  • send unsolicited communications, promotions or advertisements, or spam;
  • place any advertisements within a Nectir client;
  • send altered, deceptive or false source-identifying information, including “spoofing” or “phishing”;
  • abuse referrals or promotions to get more credits than deserved;
  • use contact or other user information obtained from the Services (including email addresses) to contact Authorised Users outside of the Services without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for Authorised Users for use outside of the Services; or
  • authorise, permit, enable, induce or encourage any third party to do any of the above.

Want more?

Speak to us to get the security information you need.