Security and Compliance
Common questions related to security, compliance, privacy policy and terms and conditions
What should I do if I have regulatory or security issues with PII?
We regularly work with large companies and are happy to support you with guidance and compliance documentation, including reports for your security and legal teams. If you have concerns about PII, you can use our open-source (OS) version or the Novu Hybrid-Cloud enterprise plan, or reach out to us at sales@novu.co, support@novu.co, or Discord.
I need my data to reside in the EU, can it be done?
Yes. As part of our GDPR compliance, our cloud version is available in both the EU (Frankfurt) and the US (Virginia).
Are you GDPR compliant?
Yes, you can see the complete compliance report on our security page. Novu also decided to take the extra step and provide separate data residency in both the EU and the US.
I created my account in the EU/US, can I switch to the other one?
Not exactly. To keep data residency intact, we cannot simply copy or move data between data warehouses across the US and EU. However, if you need this, please contact us at sales@novu.co.
Are you SOC 2 compliant?
Yes, Novu Cloud is SOC 2 Type II compliant. We have carried out penetration tests, security training, evidence collection, and SDL. You can see live, up-to-date controls on our security page, and you can also request our security report at sales@novu.co.
Are you ISO 27001 compliant?
Yes, Novu Cloud is ISO 27001 compliant. We have gone through both Stage 1 and Stage 2 audits and fully defined ISMS requirements, from creating our organization's processes and defining organizational risk assessment policies to building organizational Incident Response & Disaster Recovery plans.
Where is my data stored?
It depends on the solution you selected. With the OS option, your data is stored wherever you choose to store it :) With the Novu Cloud solution, you can choose the EU (Frankfurt) or the US (Virginia). If you are using the Novu Hybrid-Cloud solution, we will help you deploy your data inside your selected network.
How long is user data stored?
By default, data is stored using the following TTL values:
- Notifications (for 1 month)
- Jobs (for 1 month)
- Message (for in-app messages - 12 months, for all other messages - 1 month)
- Execution Details (for 1 month)
- Subscribers, Workflows, Feeds, Layouts (Not deleted automatically, can be deleted by the user at any time)
If you want to delete any specific data or information, reach out to us at support@novu.co.
How do I report a vulnerability or security issue?
We are equally committed to our users and their data's security. We highly appreciate it when someone shares security vulnerabilities with us. Feel free to use a GitHub issue or email us at security@novu.co.