Security

Nimbus Portfolio - Trust & Safety

Our Security Commitment

At Nimbus Portfolio, security is at the core of everything we do. We understand that you trust us with your most sensitive financial and investment data, and we take that responsibility seriously. Our comprehensive security program is designed to protect your information using industry-leading practices and technologies.

Security Certifications & Compliance

  • SOC 2 Type II (In Progress): Comprehensive security controls audit
  • GDPR Compliant (Certified): EU data protection compliance
  • CCPA Compliant (Certified): California privacy law compliance

Data Protection & Encryption

Encryption at Rest

  • AES-256 encryption for all sensitive data
  • Database-level encryption (TDE)
  • File system encryption
  • Secure key management with AWS KMS

Encryption in Transit

  • TLS 1.3 for all communications
  • Perfect Forward Secrecy (PFS)
  • Certificate pinning for mobile apps
  • HSTS headers for web security

Access Controls & Authentication

  • Multi-factor authentication (MFA) required for all accounts
  • Role-based access control (RBAC) with principle of least privilege
  • Regular access reviews and automated deprovisioning
  • Strong password policies with complexity requirements
  • Session management with automatic timeouts
  • Biometric authentication support for mobile devices
  • Single Sign-On (SSO) integration capabilities

Infrastructure Security

Network Security

  • Firewall protection
  • Intrusion detection (IDS)
  • DDoS protection
  • Network segmentation
  • VPN access for employees

Server Security

  • Hardened server configurations
  • Regular security patches
  • Container security scanning
  • Runtime protection
  • Secure boot processes

Cloud Security

  • AWS/Azure security best practices
  • CloudTrail logging
  • Config compliance monitoring
  • Secrets management
  • Container orchestration security

Security Monitoring & Detection

  • 24/7 Security Operations Center (SOC) monitoring
  • Security Information and Event Management (SIEM)
  • Automated threat detection and response
  • Behavioral analytics and anomaly detection
  • Real-time alerting and incident response
  • Regular penetration testing and vulnerability assessments
  • Third-party security audits and assessments

Physical Security

Data Center Security

  • 24/7 physical security monitoring
  • Biometric access controls
  • Video surveillance (90-day retention)
  • Environmental monitoring
  • Redundant power and cooling
  • Fire suppression systems

Office Security

  • Keycard access control
  • Clean desk policy enforcement
  • Secure document disposal
  • Visitor management system
  • Equipment tracking and asset management
  • Employee security training

Incident Response & Recovery

  • Comprehensive incident response plan
  • Automated backup and disaster recovery systems
  • Regular disaster recovery testing
  • Cross-region data replication
  • Rapid incident containment procedures
  • Customer notification protocols
  • Post-incident review and improvement processes

Third-Party Security

We carefully vet all third-party service providers and ensure they meet our security standards:
  • Plaid Technologies: Bank-level security and SOC 2 compliance
  • Amazon Web Services: Industry-leading cloud security
  • Microsoft Azure: Enterprise-grade security controls
  • Stripe: PCI DSS Level 1 compliance for payment processing
  • Regular vendor security assessments and audits
  • Data processing agreements with all third parties

Security Best Practices for Users

How You Can Help Keep Your Account Secure

  • Enable multi-factor authentication (MFA) on your account
  • Use strong, unique passwords for all accounts
  • Keep your contact information up to date
  • Log out of shared or public computers
  • Be cautious of phishing emails and suspicious links
  • Report any suspicious activity immediately
  • Keep your devices and browsers updated

Security Metrics & Performance

  • Uptime SLA: 99.9%
  • Mean Detection Time: <1min
  • Mean Response Time: <15min
  • Data Breaches: 0

Security Contact Information

For security-related questions, incident reporting, or vulnerability disclosures:

Email: help@nimbusportfolio.com

Our security program is continuously updated to address emerging threats and maintain the highest standards of protection.

Last Updated: January 1, 2025 | Version: 1.0