Security & Privacy
Enterprise-grade security and privacy controls have always been at the heart of
Nylas. Here are some of the ways we protect and secure data in our
Check out the Nylas white paper to get details on our security processes for encrypting data, infrastructure and physical security, network transport and storage, reliability and SLAs, SOC 2 and more.
Nylas is SOC2 Certified, GDPR compliant, EU Privacy Shield Certified, and HIPAA ready. Our products regularly undergo rigorous third-party audits and penetration tests.
Security at Nylas
Encryption and Access Control
Data for each account is isolated with multi-level permission
checks at both the application and service layers. All Nylas
API calls require proprietary OAuth2 authentication tokens
only granted by Nylas. User data is encrypted at rest using
Network Transport and Storage
Nylas systems enforce TLS for public and private networks,
and only support certificates signed by well-known CAs.
Persistence and storage layers are encrypted and secured
behind VPN & VPC firewalls.
Infrastructure and Physical Security
Nylas products run on Amazon Web Services in a secure facility
with active monitoring, total system logging, and security
including AICPA SysTrust, ISO 27001, and other leading physical
Only limited security personnel have access to decryption
keys for debugging. We regularly undergo third-party audits.
We run thorough background checks on all our employees.
Security-Centric Product Management
We have a dedicated full-time security team. We consider
security implications before starting any project or feature
development. We constantly monitor our systems and industry
alerts so that we can immediately patch security vulnerabilities in
the software we use.
“Other APIs lacked the security and breadth of email provider support that we needed. Nylas allowed us to add support for Office365, Outlook, Exchange, and IMAP email providers in a scalable, secure way.”
Co-founder and Head of Product at Pipedrive