DATA SECURITY
Keeping your lead data secure and compliant.

Privacy Protection.
Privacy by Design
Our deployments are architected to ensure complete data privacy. No one except those you authorize ever gets access, and then only to the data you choose to store. Your data is yours to own. Nimbata does not sell our customers’ data.
Data Redaction
Nimbata allows users to either manually or automatically redact any personally identifiable information from call, text, and form records. Secure call transcriptions allow the system to detect when credit card information, social security information, or phone numbers are spoken during a call, tag the call appropriately, and redact that information from your call transcriptions and associated call recording.
Data Security.
Physical
All Nimbata services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Customer data and production environments are hosted on high-security AWS facilities compliant with PCI DSS, ISO 27001, and SOC 1/2/3. Access to data center facilities is protected with various physical surveillance measures (guards, CCTV, electronic access control, etc.). Monitoring and alerting are in place for environmental controls such as power, HVAC, and temperature.
Network
Nimbata prioritizes the security of access to our production networks through the use of strictly defined rules and requires multi-factor authentication and encrypted connections. We also utilize intrusion detection systems (firewalls, secure HTTPS, DoS prevention) in our production network to ensure maximum protection of our application and global carrier connections.
Encryption
To ensure the protection of customer information, Nimbata encrypts call-tracking data in transit and at rest on servers utilizing recognized encryption protocols. Encryption in transit: All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS).
Nimbata also offers encryption at rest, where all volumes used to safely store call data, including recordings, transcriptions, and log files, are encrypted using battle-proven encryption algorithms in the database. At end-of-life, AWS destroys disks per NIST 800-88 standards.
Application Access.
We are committed to providing the highest level of security for our customers. Our platform implements industry-standard encryption algorithms to ensure the confidentiality and integrity of your data.
Authentication
Nimbata includes robust authentication measures to keep your data safe and secure. To protect against unauthorized access, we enforce a strong password policy and support two-factor authentication that is highly secure and user-friendly.
Access Management
Role-based access control (RBAC) is offered on all our accounts and allows our users to define the roles and permissions for staff within their organization and for approved integrations to access only the information needed within Nimbata.
Auto-signoff
Protect sensitive information by ensuring that unattended devices or forgotten sessions are logged out, reducing the risk of unauthorized access to the platform and the data it contains. By automatically logging the user out after 30 minutes of inactivity, Nimbata provides an added layer of security, giving you peace of mind that your data is always protected.
Service Reliability.
Monitoring
Nimbata monitors all application activities (including user interactions and API calls) to retain and analyze a comprehensive view of its corporate and production infrastructure. Administrative access, use of privileged commands, and system calls on all servers in Nimbata’s production network are automatically logged with a timestamp and other relevant system information. Administrators can audit activity records, keeping track of who did what and when, to prevent unauthorized access and ensure compliance.
Data Backup
Nimbata services use geographically separate environments to ensure data availability and uptime. In the unlikely event of simultaneous failure of both environments, Nimbata maintains backups, meaning that the RPO is no greater than 24 hours. Users can also take their own data backups using CSV and JSON file export, giving you full control of your lead data.
Digital Compliance.
Customers can adapt Nimbata services to their organizational needs in order to comply with data protection legislation such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act 2018, or the Swiss Data Protection Act. To help our customers with compliance, we continuously add flexibility to our call tracking and call conversion platform, API, and integrations.
HIPAA compliant
When it comes to healthcare, we take HIPAA compliance seriously. Nimbata has all the necessary technical safeguards in place to keep patient information secure, and only authorized personnel can access it.
GDPR aligned
Nimbata has implemented all the necessary procedures so that you remain GDPR compliant. All data collection, storage, and processing procedures are designed to ensure an appropriate level of security for Customer Personal Data, in accordance with Article 32 of the GDPR.
DPA
Our DPA outlines our obligations and responsibilities in collecting, storing, processing, and transmitting personal data and ensures that it is handled in a secure and compliant manner, in accordance with privacy and data protection laws.
SCC
We utilize Standard Contractual Clauses (SCCs) in our agreements to ensure the protection of personal data in compliance with EU data protection laws. By incorporating SCCs into our contracts, we can confidently transfer personal data, knowing that we are taking appropriate measures to protect the privacy and security of the individuals whose data we handle.
FAQ
All our sub-processors are available on the privacy policy at www.nimbata.com/privacy. All Customer Data is stored in the cloud with top-tier global cloud providers. The other sub-processors may or may not see a particular Customer’s data depending on which of Nimbata’s products and services the customer is using.
Absolutely!
Nimbata participates in the EU-U.S. Privacy Shield framework (“Framework”) as set forth by the U.S. Department of Commerce, regarding the processing of personally identifiable information transferred from the EU and European Economic Area (“EEA”) to the U.S. Nimbata has certified that it adheres to the Privacy Shield Principles. To learn more about the Framework and to view our certification page, please visit https://www.privacyshield.gov/.
Nimbata will also enter into Standard Contractual Clauses for cross-border data transfers.
Check out our privacy policy page for details on this.
With respect to the data collected and stored by our Customers, the Customer is the Data Controller, and Nimbata is the Data Processor. We will enter into a Data Processing Agreement or DPA with any Customer that requests one.