Email API
Calendar API
Contacts API 
Scheduler
Notetaker API
Google email & calendar integration
Outlook email & calendar integration
IMAP integration
Calendar management
Embedded contextual email
Scheduling automation
Automated outreach
Expense management
Customer relationship management
Applicant tracking system
Communications platform
Marketplaces
Document management
Docs
SDKs
Tutorials
API status
Changelog
Support
Blog
Events
Guides
Inspiration gallery
Partners
Build vs. buy
Customer stories
Security & Compliance
Why Nylas
NewsroomSecurity at Nylas
Security is built into the fabric of our products, infrastructure, and processes, so you can rest assured that your data is safeguarded.
Security
Security is at the cornerstone of our applications and services and we’re committed to ensuring the unwavering safety of your company’s data. With security built into the core of our products, you can rest assured knowing your data will always be safe, secure, and protected.
Infrastructure security
Nylas utilizes Web Application Firewalls to strengthen infrastructure security. Our infrastructure is continuously monitored for security vulnerabilities and cloud misconfigurations. Any identified vulnerabilities are remediated in a timely manner in accordance with our vulnerability and risk management practices.
Operational resilience
Nylas ensures operational resiliency requirements are built into our architecture design and development processes. Nylas performs Business Continuity, Disaster Recovery and Incident Response tests on at least an annual basis.
Product security
Nylas’ products are built with a security-first mindset. The Nylas Architecture Review process requires mandatory peer reviews, and the SDLC process ensures all new code is scanned using static analysis tools to detect any vulnerabilities in code. Nylas maintains a Vulnerability Disclosure Program, private Bug Bounty program and ensures third-party penetration tests are conducted annually
Data isolation
Nylas logically separates account data with the concept of ‘Nylas Applications’. Each Nylas Application has a separate client ID and client secret that requires accounts to be authenticated individually.
Data security
Nylas encrypts data at rest as well as in transit. Nylas utilizes TLS v1.2 or greater for all data in transit. All stored data is encrypted at rest using a minimum of AES-256 or equivalent.
Security monitoring
Nylas continuously monitors network traffic for malicious activities. Nylas uses a security threat detection and SOAR platform to monitor and automate high priority security alerts.
Physical security
Nylas is a fully remote company. All physical security controls are the responsibility of our data center providers: Amazon Web Services (AWS) and Google Cloud Platform (GCP).
Privacy
We are committed to ensuring the privacy of your data. We’re further committed to preventing unauthorized access to that data. Our Privacy Policy details what data is collected, how we use it, and how it is stored.
General Data Protection Regulation (GDPR)
We ensure our data collection and handling practices comply with the General Data Protection Regulation (GDPR) and its rules on data protection, privacy, and transfer. Nylas is GDPR compliant.
Data Processing Addendum (DPA)
We use a Data Processing Addendum (DPA) to ensure adequate safeguards are put in place to protect customer personal data processed by Nylas. The DPA obliges us to implement appropriate security measures, limit access to personal data, alert customers to incidents and data requests involving their data, and more.
Data Privacy Framework
The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. Nylas is self-certified with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S DPF. You can find more information in our Privacy Policy.
California Consumer Privacy Act (CCPA)
We comply with the California Consumer Privacy Act (CCPA), which outlines privacy requirements related to data collection, storage, access, and more. We do not sell the personal information we collect to other parties.
GLBA Privacy Rule
As a partner to our clients in the financial sector, we comply with the Gramm-Leach-Bliley Act Privacy Rule.
Compliance
We’ve engaged respected third-party firms to audit our infrastructure and security practices, resulting in a System and Organization Controls (SOC) 2 Type II audit report, HIPAA/HITRUST report, ISO 27001 and ISO 27701 certification.
SOC 2 Type II
SOC 2 is a means for ensuring a service provider adequately secures customer data, and the SSAE 18 audit standard assures customers that a provider’s security apparatus is working smoothly. Our SOC 2 Type II report covering the security, availability, and confidentiality trust service criteria is available under NDA to current and prospective customers.
ISO 27001
ISO 27001 is the world’s best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet. It provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system. You can request a copy of our ISO 27001 certificate in our Trust Center.
ISO 27701
ISO 27701 is the world’s best-known standard for privacy information management systems (PIMS). It defines requirements a PIMS must meet, and this standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving a privacy information management system. You can request a copy of our ISO 27701 certificate in our Trust Center.
CSA Cloud Security Alliance
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This publicly accessible registry allows cloud customers to assess their security providers. View Nylas’s listing here.
HIPAA/HITECH
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) ensures that the proper security and privacy controls are in place to secure protected health information (PHI). Our report is available under NDA to current and prospective customers.
Cloud compliance
The Nylas Platform runs on Amazon Web Services (AWS) and Google Cloud Platform (GCP). We recommend you also review their compliance information by clicking on their links.
Everything connected. Everything secure.
Our first priority is to keep you safe and secure. We are committed to transparency which is why we are trusted by the world’s leading organizations.
Start building the future
Get your API key and connect up to 5 accounts for free.
