Security & Privacy

Enterprise-grade security and privacy controls have always been at the heart of Nylas. Here are some of the ways we protect and secure data in our infrastructure.

Enterprise-Grade Security

Check out the Nylas white paper to get details on our security processes for encrypting data, infrastructure and physical security, network transport and storage, reliability and SLAs, SOC 2 and more.

Download White Paper
Enterprise-Grade Security

Compliance Certifications

Nylas is SOC2 Certified, GDPR compliant, EU Privacy Shield Certified, and HIPAA ready. Our products regularly undergo rigorous third-party audits and penetration tests.

Security at Nylas

Encryption and Access Control

Encryption and Access Control

Data for each account is isolated with multi-level permission checks at both the application and service layers. All Nylas API calls require proprietary OAuth2 authentication tokens only granted by Nylas. User data is encrypted at rest using enterprise-grade standards.

Network Transport and Storage

Network Transport and Storage

Nylas systems enforce TLS for public and private networks, and only support certificates signed by
well-known CAs. Persistence and storage layers are encrypted and secured behind VPN & VPC
firewalls.

Infrastructure and Physical Security

Infrastructure and Physical Security

Nylas products run on Amazon Web Services in a secure facility with active monitoring, total system
logging, and security including AICPA SysTrust, ISO 27001, and other leading physical security
measures.

Operational Security

Operational Security

Only limited security personnel have access to decryption keys for debugging. We regularly undergo
third party audits. We utilize thorough background checks on all our employees.

Security-Centric Product Management

Security-Centric Product Management

We have a dedicated full-time security team. We consider security implications before starting any
project or feature development. We monitor our systems constantly and industry alerts to immediately
patch security vulnerabilities in the software we use.

nylas-pipedrive

“Other APIs lacked the security and breadth of email provider support that we needed, Nylas allowed us to add support for Office365, Outlook, Exchange, and IMAP email providers in a scalable, secure way.”

Martin Henk

Co-founder and Head of Product at Pipedrive

Read More
nylas-pipedrive