Effective Date: 03/01/2021
The entire Nash team is dedicated and committed to keeping your data safe. We adhere to industry-leading standards to manage our network, secure our application, and set policies across our organization. If you believe you have discovered a problem or have any questions, please contact us at firstname.lastname@example.org.
Communications & Connections
- Nash forces HTTPS for all services using TLS (SSL), including our public website, API, and user dashboards.
- Any attempt to connect over HTTP is redirected to HTTPS.
- All connections to Nash services internally and externally are encrypted by default, in both directions using modern ciphers and cryptographic systems. We will never connect to a data source using an unencrypted connection.
- We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support
- Nash's servers are hosted in Amazon Web Services. Physical and environmental security is handled entirely by Amazon and their vendors. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1, 2, and 3, and ISO27001. See Amazon compliance and security docs for more detailed information.
- All data in Nash is encrypted at rest and in transport
Nash Company Policies
- Nash mandates that employees act in accordance with security policies designed to keep customer data safe.
- Nash requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
- Nash controls access to sensitive data, application data, and cryptographic keys.
- Two-factor authentication and strong password controls are required for administrative access to any of our systems.
Compliance & Privacy