Check out the Nylas white paper to get details on our security processes for encrypting data, infrastructure and physical security, network transport and storage, reliability and SLAs, SOC 2 and more.
Nylas is SOC 2 Certified, GDPR compliant, EU Privacy Shield Certified, and HIPAA ready. Our products regularly undergo rigorous third-party audits and penetration tests.
Nylas set to out achieve SOC 2 certifications for the principles of security and confidentiality. We're happy to share our certificate with you.
Email data by nature contains highly sensitive, personally identifiable information (PII), and must be processed and regulated carefully. Nylas is proud to be GDPR compliant in how we process and store data.
Nylas has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data.
Nylas provides a HIPAA-ready API built with enterprise-grade security standards. Our customers securely leverage the Nylas API while maintaining HIPAA compliance.
Data for each account is isolated with multi-level permission checks at both the application and service layers. All Nylas API calls require proprietary OAuth2 authentication tokens only granted by Nylas. User data is encrypted at rest using enterprise-grade standards.
Nylas systems enforce TLS for public and private networks, and only support certificates signed by well-known CAs. Persistence and storage layers are encrypted and secured behind VPN & VPC firewalls.
Nylas products run on Amazon Web Services in a secure facility with active monitoring, total system logging, and security including AICPA SysTrust, ISO 27001, and other leading physical security measures.
Only limited security personnel have access to decryption keys for debugging. We regularly undergo third party audits. We utilize thorough background checks on all our employees.
We have a dedicated full time security team. We consider security implications before starting any project or feature development. We monitor our systems constantly and industry alerts to immediately patch security vulnerabilities in the software we use.
“Other APIs lacked the security and breadth of email provider support that we needed, Nylas allowed us to add support for Office365, Outlook, Exchange, and IMAP email providers in a scalable, secure way.”