Keeping your lead data secure, and compliant.

We shed light on the marketing data needed for smarter campaigns, and adhering to current security and local privacy standards is the backbone at Nimbata.

Privacy Protection.

Data Security.

security Group 301 1


All Nimbata services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Customer data and production environments are hosted on high-security AWS facilities compliant with PCI DSS, ISO 27001, and SOC 1/2/3. Access to data center facilities is protected with various physical surveillance measures (guards, CCTV, electronic access control, etc.). Monitoring and alerting are in place for environmental controls such as power, HVAC, and temperature.

security Group 303


Nimbata prioritizes the security of access to our production networks through the use of strictly defined rules and requires multi-factor authentication and encrypted connections. We also utilize intrusion detection systems (firewalls, secure HTTPS, DoS prevention) in our production network to ensure maximum protection of our application and global carrier connections

security Group 306 1


To ensure the protection of customer information, nimbata encrypts call-tracking data in transit and at rest on servers utilizing recognized encryption protocols. Encryption in transit: All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS).

Nimbata also offers encryption at rest, where all volumes used to safely store call data, including recordings, transcriptions, and log files are encrypted using battled-proofed encryption algorithms in the database. At end-of-life, AWS destroys disks per NIST 800-88 standards. 

Application Access.

We are committed to providing the highest level of security for our customers. Our platform implements industry-standard encryption algorithms, to ensure the confidentiality and integrity of your data.

Service Reliability.

security Group 301 1


Nimbata monitors all application activities (including user interactions and API calls) to retain and analyze a comprehensive view of its corporate and production infrastructure. Administrative access, use of privileged commands, and system calls on all servers in Nimbata’s production network are automatically logged with a timestamp and other relevant system information. Administrators can audit activity records, keeping track of who did what and when to prevent unauthorized access and ensuring compliance.

security Group 303

Data Backup

Nimbata services uses geographically separate environments to ensure data availability and uptime. In the unlikely event of simultaneous failure of both environments, Nimbata maintains backups, meaning that the RPO is no greater than 24 hours. Users can also take their own data backups using cvs and json file export, giving you full control of your lead data. 

Digital Compliance.

Customers can adapt Nimbata services to their organizational needs in order to comply with data protection legislation such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), UK Data Protection act 2018, or, the Swiss Data Protection act, etc.  To help our customers with compliance, we continuously add flexibility to our call tracking and call conversion platform, API, and integrations.

security Group 321 1

HIPAA compliant

When it comes to healthcare, we take HIPAA compliance seriously. Nimbata has all the necessary technical safeguards in place to keep patient information secure, and only authorized personnel can access it.

security Group 319

GDPR aligned

Nimbata has implemented all the necessary procedures, so that you remain GDPR compliant. All data collection, storage and processing procedures, are designed to ensure an appropriate level of security for Customer Personal Data, in accordance with Article 32 of the GDPR.

security Group 316


Our DPA outlines our obligations and responsibilities in collecting, storing, processing, and transmitting personal data and ensures that it is handled in a secure and compliant manner, in accordance with privacy and data protection laws.

security Group 312


We utilize Standard Contractual Clauses (SCCs) in our agreements to ensure the protection of personal data in compliance with EU data protection laws. By incorporating SCCs into our contracts, we can confidently transfer personal data, knowing that we are taking appropriate measures to protect the privacy and security of the individuals whose data we handle.


Did you find the answers you are looking for?

Need some more information? Contact us