Infrastructure
Nissa runs on infrastructure from leading cloud providers with SOC 2, ISO 27001, and other industry certifications. Our infrastructure includes:
- Geographic data residency: Customer data is stored in the region you specify during onboarding.
- Redundancy: All data is replicated across multiple availability zones for durability and disaster recovery.
- Backups: Automated daily backups with point-in-time recovery capabilities. Backups are encrypted and stored in separate geographic locations.
Application security
- Authentication: Support for SSO (SAML 2.0) and multi-factor authentication.
- API security: All API endpoints require authentication. Rate limiting and abuse detection are enabled by default.
- Input validation: All user input is validated and sanitized to prevent injection attacks.
- Dependency management: Automated scanning for known vulnerabilities in third-party dependencies.
Data handling
- Contract processing: Documents are processed in isolated environments. Processing artifacts are deleted after extraction is complete.
- Data retention: You control your data. Upon account termination, all contract data is permanently deleted within 30 days.
- Data portability: Export your data at any time in standard formats.
Organizational security
- Background checks: All employees with access to production systems undergo background checks.
- Security training: Regular security awareness training for all team members.
- Incident response: Documented incident response procedures with defined escalation paths and notification timelines.
- Vendor management: Third-party vendors with access to customer data are subject to security review and contractual obligations.
Compliance
We are committed to meeting the compliance requirements of our customers. Our current compliance posture includes:
- SOC 2 Type II (in progress)
- GDPR-compliant data processing
- Standard contractual clauses available for international data transfers
- Data Processing Agreement (DPA) available upon request
Vulnerability disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to security@nissa.ai. We commit to:
- Acknowledging receipt within 24 hours
- Providing regular updates on remediation progress
- Not pursuing legal action against good-faith reporters
Questions
For security inquiries, to request our SOC 2 report, or to discuss specific compliance requirements, contact us at: