See our Security Info below. If you have a question that isn't addressed there, please email contact@nimbledroid.com.

Security

We understand the security of your company's pre-release apps is extremely important. This page describes some of the measures we employ to ensure your apps are safe. If you have any questions, please don't hesitate to contact us.

  • Our website is hosted in ISO 27001 and FISMA certified data centers managed by Amazon Web Services
  • Physical access to data centers is strictly controlled both at the perimeter and at building ingress points
  • Data centers employ onsite security staff, video surveillance, and intrusion detection systems
  • Authorized staff must pass two-factor authentication a minimum of two times to access data center floors
  • Data centers are housed in nondescript facilities
  • Physical security is verified by third-party auditors. For more information, see http://aws.amazon.com/security/
  • Security policies and procedures are regularly reviewed as part of the Amazon Web Services SSAE 16 Type II audit process
  • System access is logged and tracked for auditing purposes
  • Regular system patching processes to provide ongoing protection from exploits
  • Firewall to prohibit unauthorized system access
  • Intrusion detection systems to provide an additional layer of protection against unauthorized system access

All access to the NimbleApp website is restricted to HTTPS encrypted connections. All apps are uploaded through HTTPS encrypted connections so that no one can eavesdrop on the upload in transit. Once uploaded, apps are temporarily stored within the Amazon Simple Storage Service, which is part of Amazon Web Services and subject to the same high security standards. Apps are deleted as soon as performance analysis succeeds.

User passwords are secured with BCrypt (more specifically, 10 rounds of salted and peppered BCrypt). They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the NimbleApp website, however, and it is the responsibility of the end user to protect their password with care. NimbleApp also offers and recommends optional OAuth2 login integration with Google for users who would like additional authentication security and convenience.

NimbleApp never collects or stores passwords for external applications like Google and Slack. Integration with third-party apps is done via either OAuth or API keys.

Your input and feedback on our security, as well as responsible disclosure, are always appreciated. If you have a security concern, please email us at contact@nimbledroid.com.