Encryption and Access Control
Data for each account is isolated with multilevel permission checks at both the application and service layers. All Nylas API calls require proprietary OAuth2 authentication tokens only granted by Nylas. User data is encrypted at rest using enterprise-grade standards.
Network Transport and Storage
Nylas systems enforce TLS for public and private networks, and only support certificates signed by well-known CAs. Persistence and storage layers are encrypted and secured behind VPN & VPC firewalls.
Infrastructure and Physical Security
Nylas products run on Amazon Web Services in a secure facility with active monitoring, comprehensive system logging, and security, including AICPA SysTrust, ISO 27001, and other leading physical security measures.
Only limited security personnel have access to decryption keys for debugging. We regularly undergo third-party audits. We utilize thorough background checks on all our employees.
Around-the-Clock Security Monitoring
We have a dedicated full-time security team. We consider security implications before starting any project or feature development. We monitor our systems constantly and keep up with industry alerts to patch security vulnerabilities in the software we use immediately.