Payments is now live!

Your security is our security

We use Nblocks ourselves and treat security as an integrated part of our product development process. This ensures that the highest security standards are always built into everything we create. We are ISO27001 certified, GDPR compliant, and undergo weekly pen tests. Every one of these efforts is a symbol of our ongoing commitment to data security and privacy protection.
ISO 27001 certificated

Systemized information security

Nblocks is certified according to the internationally recognized standard ISO/IEC 27001:2013 which provides a framework for information security management.

By undergoing the certification process, we implemented an information security management system further ensuring nblocks follows industry best practices when it comes to managing the security and confidentiality of our information and data.
GDPR compliant

Compliant by design

We are fully committed to GDPR compliance as part of our unwavering dedication to safeguarding your personal data. All our AWS resources are collected in a Virtual Private Cloud (VPC) in an AWS data center within the EU (Ireland).

Transparency, data minimization, consent, robust security measures, a dedicated Data Protection Officer, and a commitment to swift data breach response are pillars of our approach. We respect the rights under GDPR, which include the right to access, correct, delete, or transfer your data, as well as the right to withdraw consent.
Data protection

Highest standars of protection

Nblocks is hosted in a Virtual Private Cloud (VPC) in Amazon Web Service (AWS). AWS data centers practice the highest standards in both physical and digital protection against data breaches and are certified with ISO 27001 amongst others. More information about the Data Protection of AWS can be found at https://aws.amazon.com/compliance/data-protection/

All application and database data both in transfer and at rest are encrypted and the only entry points to Nblocks infrastructure from the outside world are port 80 and 443. The sole purpose of port 80 is to gracefully redirect traffic to the encrypted HTTPS port 443.Data in transit over open networks are encrypted using HTTPS/TLS.

On the infrastructure level access to production environments with databases and file storage are completely restricted. Only system administrators that are responsible for operation and maintenance can temporarily access data during a set time window, geographical place and key pair. This access is granted case by case by the CTO.

Minimum effort, maximum security

Security - a key in our dev process

We work with code reviews, automated tests, and vulnerability scans. The software includes automated tests that test known ways of penetrating the software and trying to access resources that should not be granted. Every code change is reviewed from a security perspective and only the CTO can approve a code change for a production release.

Pro-active & frequent pen testing

We use an independent third party that continuously monitors our applications for known weaknesses and vulnerabilities. We also use AWS Trusted Advisor to scan and keep the infrastructure protection up to date.

Always up-to-date with latest patches and updates

Nblocks reviews its frameworks and updates on a recurring basis with a monthly security review. Vital patches and upgrades are prioritized in our 2-week sprint schedule, and our team can initiate an escalated update of the system if a critical update is released from any framework used.

Build SaaS how it should be built today

Give your app superpowers with a code snippet.