Enterprise-Grade Security for Every API Call
Protect user data with secure connections developers can trust.

Stop Trying to Solve Security Yourself
Nylas gives you everything you need to build deep integrations without the risk. Our platform adheres to SOC 2, GDPR, CCPA, HIPAA / HITECH, and FINRA regulations and undergoes rigorous external audits and penetration tests.
Engineering
Build the features you need without worrying about a secure connection.
Product
Launch features faster by streamlining security review and certification processes.
Operations
Keep things moving smoothly with connections that are secure, compliant, and reliable.
Streamlined Security for Modern Software

Navigate Google’s OAuth Security Process
Get the lowest possible rates and enjoy priority white-glove service that helps take the pain out of Google’s mandatory OAuth verification and security assessment.

Enjoy Pre-Built Security & Compliance
Rest easy with a solution that adheres to SOC 2, GDPR, CCPA, HIPAA, and FINRA regulations. Our platform is regularly tested and audited by third-party security firms.

Get Full Transparency Into Our Processes
We provide full reporting on our security processes for data encryption, infrastructure and physical security, network transport and storage, SLAs, and more.
Everything Connected. Everything Secure.
SOC 2 Type II
Certified for SOC 2 and with all the documentation to back up our claims.
GDPR
Conforms to GDPR and abides by best practices for handling and processing user data.
EU SCC
Ensures the safeguarding of data that requires international transfer.
CCPA
Employs fully compliant processes for data handling, access, portability, and deletion.
HIPAA / HITECH
Helps move healthtech forward safely with HIPAA Type 1 / HITECH Compliance.
FINRA
Complies with all rules governing registered brokers and firms in the US.
Security is Built into Our Code
Express Security Review
Simplify the Google OAuth security review process, and get certified in as little as two weeks with the lowest guaranteed rates.

Data Residency
Choose from data centers across the United States, Canada, and the European Union.
Service Accounts
Allow your users to onboard everyone in their organization instantly through a single admin.
SSO Support
Securely onboard large numbers of users with SSO support for Okta and OneLogin.
Authentication Scopes
Sync only the data you need and nothing more.
Auth Options
Choose how users authenticate accounts — hosted and native flows available.
Secure Architecture Built from the Ground Up
Encryption and Access Control
Data for each account is isolated with multilevel permission checks at both the application and service layers. All Nylas API calls require proprietary OAuth2 authentication tokens only granted by Nylas. User data is encrypted at rest using enterprise-grade standards.
Network Transport and Storage
Nylas systems enforce TLS for public and private networks, and only support certificates signed by well-known CAs. Persistence and storage layers are encrypted and secured behind VPN & VPC firewalls.
Infrastructure and Physical Security
Nylas products run on Amazon Web Services in a secure facility with active monitoring, comprehensive system logging, and security, including AICPA SysTrust, ISO 27001, and other leading physical security measures.
Operational Security
Only limited security personnel have access to decryption keys for debugging. We regularly undergo third-party audits. We utilize thorough background checks on all our employees.
Security-Centric Product Management
We have a dedicated full-time security team. We consider security implications before starting any project or feature development. We monitor our systems constantly and keep up with industry alerts to patch security vulnerabilities in the software we use immediately.
Flexible Deployment Options
Nylas Hosted
Nylas runs your email sync infrastructure and scales transparently as your app grows.
Self-Hosted
Deploy on your private infrastructure. On-prem options available for enterprise customers.