Payments is now live!

Security

We know the value of security and treat it as an integrated part of our product development process. This ensures that the highest security standards are always built into everything we create.

We are ISO27001 certified, GDPR compliant, and undergo weekly pen tests. Each and every one of these efforts is a symbol of our ongoing commitment to data security and privacy protection.
Geometric shape

Pro-active & frequent pen testing

We use an independent third party that continuously monitors our applications for known weaknesses and vulnerabilities. We also use AWS Trusted Advisor to scan and keep the infrastructure protection up to date.

Always up-to-date with latest patches and updates

Nblocks reviews its frameworks and updates on a recurring basis with a monthly security review. Vital patches and upgrades are prioritized in our 2-week sprint schedule, and our team can initiate an escalated update of the system if a critical update is released from any framework used.

Security is a key in our design and dev process

We work with code reviews, automated tests and vulnerability scans. The software includes automated tests that test known ways of penetrating the software and tries to access resources that should not be granted. Every code change is reviewed from a security perspective and only the CTO can approve a code change for a production release.
Privacy & compliance

ISO 27001 certification

Nblocks is certified according to ISO/IEC 27001:2013 which is an internationally recognized standard that provides a framework for information security management.

By undergoing the certification process, we implemented an information security management system that meets international standards which ensures nblocks follows industry best practices when it comes to managing the security and confidentiality of information and data.
Privacy & compliance

GDPR compliant

We are fully committed to GDPR compliance as part of our unwavering dedication to safeguarding your personal data. All our AWS resources are collected in a Virtual Private Cloud (VPC) in an AWS data center within the EU (Ireland).

Transparency, data minimization, consent, robust security measures, a dedicated Data Protection Officer, and a commitment to swift data breach response are the pillars of our approach. We respect the rights under GDPR, which include the right to access, correct, delete, or transfer your data, as well as the right to withdraw consent.
Security

Data protection

Nblocks is hosted in a Virtual Private Cloud (VPC) in Amazon Web Service (AWS). AWS data centers practice the highest standards in both physical and digital protection against data breaches and are certified with ISO 27001 amongst others. More information about the Data Protection of AWS can be found at https://aws.amazon.com/compliance/data-protection/

All application and database data both in transfer and at rest are encrypted and the only entry points to Nblocks infrastructure from the outside world are port 80 and 443. The sole purpose of port 80 is to gracefully redirect traffic to the encrypted HTTPS port 443.Data in transit over open networks are encrypted using HTTPS/TLS.

On the infrastructure level access to production environments with databases and file storage are completely restricted. Only system administrators that are responsible for operation and maintenance can temporarily access data during a set time window, geographical place and key pair. This access is granted case by case by the CTO.

Join the nblocks community

Unleash the power of nblocks powerful features today