Security at Nylas

Security is built into the fabric of our products, infrastructure, and processes, so you can rest assured that your data is safeguarded.

Streamlined security for modern software

Security is the cornerstone of our applications and services, and we’re committed to keeping your company’s data safe. With security built into the core of our products, you can rest assured knowing your data will always be safe, secure, and protected.

Express security review

Simplify the Google OAuth security review process, and get certified in as little as two weeks with the lowest guaranteed rates.

Data residency

Choose from data centers across the United States, Australia, and the European Union.

Service accounts

Allow your users to onboard everyone in their organization instantly through a single admin.

SSO support

Securely onboard large numbers of users with SSO support for Okta and OneLogin.

Authentication scopes

Sync only the data you need and nothing more.

Auth options

Choose how users authenticate accounts — hosted and native flows available.

Security within our products

Our platform adheres to the most rigorous security and compliance standards so you can feel confident that your company and customer data remain safeguarded.

SOC 2 Type II

GDPR

CCPA

HIPAA/HITECH

ISO 27001

ISAE 3402

SOC 1 TYPE I

EU SCC

Everything connected. Everything secure.

Our first priority is to keep you safe and secure. We are committed to transparency, which is why we are trusted by the world’s leading organizations.

The latest in Nylas security

Google OAuth App Verification Guide
The Nylas Express Security Review
Nylas Security White Paper

Secure architecture built from the ground up

Encryption and access control

Data for each account is isolated with multilevel permission checks at both the application and service layers. All Nylas API calls require proprietary OAuth2 authentication tokens only granted by Nylas.

Network transport and storage

Nylas systems enforce TLS for public and private networks, and only support certificates signed by well-known CAs. Persistence and storage layers are encrypted and secured behind VPN & VPC firewalls.

Infrastructure and physical security

Nylas products run on Amazon Web Services in a secure facility with active monitoring, comprehensive system logging, and security, including AICPA SysTrust, ISO 27001, and other leading physical security measures.

Operational security

Only limited security personnel have access to decryption keys for debugging. We regularly undergo third-party audits and utilize thorough background checks on all our employees.

Around-the-clock monitoring

Security is at the forefront of our processes, and we monitor our systems constantly to keep up with industry alerts and patch security vulnerabilities immediately.

Frequently asked questions

How is customer data isolated from that of other customers?

Nylas logically separates account data with the concept of Nylas Applications. Each Nylas Application has a separate client ID and secret, and accounts need to be authenticated against each Nylas Application individually. When an account is authenticated, Nylas returns a scoped access token to be used with Nylas’ APIs to access that account’s data. This is the only way to access data for that account. Account data is stored in a sharded database cluster, and is always encrypted in transit and at rest using industry best practices. Customers have control over what account data is stored as well as the data retention period for each Nylas Application.

What data does Nylas process?

Once an account is connected to Nylas, our platform is capable of processing any email, calendar, and contact data associated with it. Our API reference has a complete list of fields for each type of data object:

Not all of this data is processed for every account. Customers control what data is processed using granular OAuth scopes when authenticating accounts.

Let’s Talk

Contact us to schedule a technical consultation. We’ll review your goals and help you identify the best solution with the Nylas platform.