Built secure from the ground up

Enterprise-grade encryption, strict access controls, and continuous monitoring, so your data and your customers' data stay protected.

Security layers active

  • TLS 1.3 in transit
  • AES-256 at rest
  • RBAC + MFA
  • SOC 2 ready
  • GDPR compliant

Security in every layer

NIVA's architecture applies security controls at the infrastructure, application, and data layer simultaneously.

Encryption at Rest & in Transit

All data encrypted with AES-256 at rest. TLS 1.3 enforced for all connections. Keys rotated automatically on a defined schedule.

Zero-Trust Access

Role-based access control with least-privilege enforcement. Every internal service-to-service call is authenticated and logged.

Continuous Monitoring

Real-time threat detection, anomaly alerts, and audit logging for every action taken within the platform, admin or API.

Secure Cloud Infrastructure

Deployed on SOC 2 certified cloud providers. Network segmentation, WAF, and DDoS protection applied at the perimeter.

Secure Development

SAST/DAST scans in CI/CD pipeline. Dependency vulnerability scanning on every build. Security reviews for all major releases.

Incident Response

Documented IR playbooks, defined SLAs for severity classification, and coordinated disclosure policy for responsible vulnerability reporting.

Built to meet regulatory standards

NIVA aligns with leading global compliance frameworks so your deployment meets the bar for regulated industries.

GDPR Compliant

Data subject rights, DPA available, EU data residency options, and lawful basis controls.

SOC 2 Type II Ready

Audit controls, access management, and operational procedures aligned to AICPA Trust Service Criteria.

HIPAA Aligned

Technical safeguards, audit controls, and BAA available for healthcare deployments.

ISO 27001 Ready

Information security management controls aligned to ISO/IEC 27001 annex requirements.

How we handle your data

Data Isolation

Each workspace is logically isolated. Multi-tenant architecture ensures no cross-tenant data leakage at the storage or query layer.

Retention & Deletion

Configurable retention policies per workspace. Data deletion requests honored within 30 days, with cryptographic erasure confirmation.

Data Residency

Enterprise plans support regional data residency. Choose where your conversation and model data is stored and processed.

Third-Party Subprocessors

Full subprocessor list available on request. All subprocessors undergo security review and are contractually bound to data protection obligations.

  • Data in transit: TLS 1.3
  • Data at rest: AES-256
  • Key management: Auto-rotate
  • Audit logs: Immutable
  • Access control: RBAC + MFA
  • Threat detection: Real-time
  • Backups: Daily + encrypted

Reliable, hardened, and audited

Tier-1 Cloud Providers

Deployed on AWS and GCP data centers with physical access controls, environmental safeguards, and 24/7 on-site security.

Network Segmentation

Private VPCs, subnet isolation, and strict firewall rules. No public exposure of internal services or databases.

DDoS & WAF

Layer 3/4 and layer 7 DDoS mitigation active at all edge locations. Web Application Firewall blocks OWASP Top 10 attack patterns.

Penetration Testing

Annual third-party penetration tests. Findings triaged and remediated within defined SLAs based on severity classification.

99.9% SLA Uptime

Production infrastructure designed for high availability with redundant systems and automated failover.

Responsible Disclosure

Security researchers can report vulnerabilities via security@nivalabs.ai. We acknowledge reports within 48 hours.

For privacy commitments and uptime status, see our Trust Center.