Security

See our Security Info below. If you have a question that isn't addressed there, please email contact@nimbledroid.com.

Security

We understand the security of your company's pre-release apps is extremely important. This page describes some of the measures we employ to ensure your apps are safe. If you have any questions, please don't hesitate to contact us.

  • Our website is hosted in ISO 27001 and FISMA certified data centers managed by Amazon Web Services
  • Physical access to data centers is strictly controlled both at the perimeter and at building ingress points
  • Data centers employ onsite security staff, video surveillance, and intrusion detection systems
  • Authorized staff must pass two-factor authentication a minimum of two times to access data center floors
  • Data centers are housed in nondescript facilities
  • Physical security verified by third-party auditors. For more information see http://aws.amazon.com/security/
  • Security policies and procedures, regularly reviewed as part of the Amazon Web Services SSAE 16 Type II audit process
  • Systems access logged and tracked for auditing purposes
  • Regular system patching processes to provide ongoing protection from exploits
  • Firewall to prohibit unauthorized system access
  • Intrusion detection systems to provide an additional layer of protection against unauthorized system access

All access to the NimbleApp website is restricted to HTTPS encrypted connections. All apps are uploaded through HTTPS encrypted connections so that no one can eavesdrop on the network sockets. Once uploaded, apps are temporarily stored within the Amazon Simple Storage Service, part of the Amazon Web Services and subject to the same high security standards. Apps are deleted as soon as performance analysis succeeds.

User passwords are secured with BCrypt (more specifically, 10 rounds of salted and peppered BCrypt). They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the NimbleApp website, however, and it is the responsibility of the end user to protect his password with care. NimbleApp also offers and recommends optional OAuth2 login integration with Google for users who would like additional authentication security and convenience.

NimbleApp never collects or stores passwords for external applications like Google and Slack. Integration with third-party apps is done via either OAuth or API keys.

Your input and feedback on our security as well as responsible disclosure is always appreciated. If you have a security concern, please email us at contact@nimbledroid.com.

Close

Subscribe to our mailing list

* indicates required
I'm interested in receiving

This website or its third-party tools process personal data (e.g. browsing data or IP addresses) and use cookies or other identifiers, which are necessary for its functioning and required to achieve the purposes illustrated in the Cookie Policy.

To find out more about the categories of personal information collected and the purposes for which such information will be used, please refer to our Privacy Policy.

By accepting, you consent to be bound by NimbleDroid’s terms and conditions, and you consent to the use of cookies and the processing of your personal data in accordance with company policy. If you do not accept, NimbleDroid shall not process your personal data for any purpose during your use of the services.

Accept
Reject
Ask me later