Would you like to change to Spanish?

Vamos No
📚 NEW GUIDE! People & Culture Leaders' best practices in employee engagement Download now

Security Policy

The purpose of this Security Policy is to guarantee that the criteria of information Confidentiality, Integrity and Availability are met, as well as to continue delivering the services offered to our clients should disruptive events occur relating to such.

This policy defines a set of principles applicable to all components and systems involved in the hosting service.


1. Access controls

We limit access to personal data by implementing appropriate access controls.

2. Availability and back-up of User Personal Data

We regularly back-up User Personal Data. Back-ups are encrypted and stored separately.

We have a monitoring and alert system to identify possible issues that could happen in the platform.

3. Disposal of IT equipment

We have in place processes to securely remove all personal data before disposing of IT systems (for example, by using appropriate technology to purge equipment of data and/or destroying hard disks).

4. Encryption

We use encryption technology where appropriate to protect User Personal Data held electronically.

5. Transmission or transport of User Personal Data

We will implement appropriate controls to secure User Personal Data during transmission or transit.

Data is always transmitted encrypted from the client to our end, and also from us to different providers.

6. Device hardening

We will remove unused software and services from devices used to process User Personal Data. Default passwords that are provided by hardware and software producers will not be used.

7. Security Audit

In order to ensure high security standards NAILTED has undergone cybersecurity audits by https://atalantago.com/.

8. Staff

We encourage a “security culture” both internally, in relation to all staff, and externally, in relation to clients and providers.

We have a team in charge of reviewing and managing alerts and/or notifications regarding security flaws and/or possible bugs.

9. Platform

We perform automated testing before any change is deployed to production. Exceptions and logs are fully anonymised.

10. Development & operations

By internal policies, in case a security issue happens, those will be immediately prioritized. The access to the production environment and the customer data is protected by 2-factor authentication.

All changes in the code are tested, reviewed and properly logged, we use Github as a SCM.

Deployments are automated and the members of Nailted are not performing any manual task inside the production servers.

This document’s last update: April 2021