Security at NerdFlo
We take your security and privacy seriously. Here's how we protect your data.
Our Commitment
Security is not an afterthought at NerdFlo—it's built into everything we do. We implement industry-leading security practices and maintain SOC 2 compliance standards to ensure your data is protected at all times.
Security Features
End-to-End Encryption
Your notes and content are encrypted with industry-standard algorithms (AES-256).
Secure Authentication
Two-factor authentication (2FA) and OAuth support for additional account security.
Data Encryption in Transit
All data transferred between your device and our servers is encrypted using TLS 1.3.
Regular Security Audits
We conduct quarterly security audits and penetration testing by third-party experts.
Secure Data Centers
We partner with ISO 27001 certified data center providers with redundancy and backup systems.
Access Controls
Strict access controls ensure only authorized personnel can access your data.
Data Privacy
Your data belongs to you. We do not sell your personal information or content to third parties. We only share data when necessary to provide our services or when required by law.
GDPR Compliant: We comply with the General Data Protection Regulation (GDPR) and provide tools to help you exercise your data rights.
Regular Backups: Your data is automatically backed up to multiple geographic locations to ensure availability and disaster recovery.
Incident Response
We have a comprehensive incident response plan in place. In the event of a security incident, we will:
- Immediately investigate and contain the incident
- Notify affected users within 24 hours
- Provide guidance on protective measures
- Work with law enforcement if necessary
- Conduct a post-incident analysis to prevent recurrence
Compliance & Certifications
SOC 2 Type II
Demonstrating our commitment to security, availability, and confidentiality.
GDPR Compliant
Meeting all requirements for protecting EU user data.
CCPA Compliant
Respecting California consumer privacy rights.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to our security team at:
security@nerdflo.com
We appreciate your help in keeping NerdFlo secure and will acknowledge your report within 48 hours. Please do not publicly disclose vulnerabilities until we've had an opportunity to address them. Based in the United States, we comply with US security standards and regulations.
Questions?
If you have questions about our security practices or want to learn more about how we protect your data, please contact us.
Contact Security Team