Security, privacy, compliance, and transparency — all Nevtan products and services
Welcome to the Nevtan Trust Center.
The Trust Center is the central resource for customers, partners, procurement teams, security reviewers, privacy officers, and compliance stakeholders who need to understand how Nevtan protects information, operates its services, and manages risk across our platform.
We believe trust is earned through consistent action — not claimed through marketing. This page provides direct access to the documentation, policies, commitments, and contact information that support informed decisions about using Nevtan products and services.
Nevtan's trust program is built on five foundational commitments that apply across all products, services, and teams.
Protecting customer data and systems through layered technical and organizational controls, integrated throughout our product development and operations lifecycle.
Respecting customer information, supporting data subject rights, and maintaining responsible data handling practices across all products and services.
Providing clear, accessible information about our operations, data practices, compliance posture, and policies — without requiring customers to ask.
Building resilient systems with redundancy, monitoring, backup, and recovery capabilities designed to maintain service availability and business continuity.
Maintaining governance, operational oversight, defined responsibilities, and continuous improvement processes across security, privacy, and compliance functions.
Customers retain ownership and control of their data at all times. Nevtan processes Customer Data only as necessary to deliver, operate, secure, and support the Services.
Every Nevtan product and service is designed and operated according to these principles.
Principle | What It Means in Practice
Security by Design | Security requirements are defined during product planning and incorporated throughout design, development, testing, and deployment. Security is not applied after the fact.
Privacy by Design | Privacy considerations are integrated into technical and operational processes from inception. Data minimization, purpose limitation, and access controls are built in — not bolted on.
Least Privilege | Access to systems and data is restricted to the minimum necessary for each role or function. Elevated access requires explicit justification and periodic review.
Continuous Improvement | Security controls, privacy practices, and compliance programs are regularly reviewed and updated in response to new threats, regulatory changes, and operational learnings.
Shared Responsibility | Nevtan secures its platforms and infrastructure. Customers are responsible for how they configure, use, and control access to their accounts and the data they submit.
Security is integrated throughout the design, development, deployment, and operation of all Nevtan products and services. Our security program is designed to protect the confidentiality, integrity, and availability of customer information and the systems that process it.
Security Area | What We Do
Encryption | Data is encrypted in transit using modern transport protocols and encrypted at rest across databases, backups, file storage, and configuration data.
Identity & Access | Role-based access controls (RBAC) and least-privilege principles govern all system and data access. Multi-factor authentication is applied to administrative systems.
Infrastructure | Network segmentation, firewall controls, DDoS mitigation, and secure virtual networking protect the underlying platform across all products.
Secure Development | Security is incorporated into every stage of the software development lifecycle including design review, code review, dependency management, and pre-deployment testing.
Monitoring & Detection | Continuous infrastructure and application monitoring with logging, alerting, and anomaly detection supports rapid identification and response to security events.
Incident Response | Documented incident response processes cover detection, analysis, containment, recovery, and post-incident review. Customers are notified of applicable incidents per contractual commitments.
Vendor Risk | Third-party providers are evaluated for security posture, compliance, reliability, and operational maturity before engagement and reviewed on an ongoing basis.
Business Continuity | Data backups, infrastructure redundancy, recovery runbooks, and disaster recovery planning support service continuity and defined recovery objectives.
Vulnerability Management | Identified vulnerabilities are assessed, prioritized by risk severity, and remediated within defined timelines. Periodic penetration testing is conducted by qualified assessors.
Complete information about Nevtan's security program is available in the Security Overview at nevtan.com/security. Product-specific security documentation is available at each product site.
Nevtan is committed to responsible handling of personal information and customer data. Our privacy program is designed to support transparency, individual rights, and appropriate technical and organizational safeguards across all products.
Privacy Area | Our Approach
Data Minimization | We collect and process only the personal information necessary for the purposes described in our Privacy Policy. We do not collect data speculatively.
Purpose Limitation | Personal information is used only for the purposes for which it was collected, or compatible purposes where permitted by applicable law.
Data Subject Rights | We support access, correction, deletion, portability, restriction, objection, and consent withdrawal rights globally — not limited to specific jurisdictions.
Data Retention | Personal information is retained only as long as necessary to fulfill service delivery, legal, and operational obligations. Customers can export and delete their data.
Cross-Border Transfers | Where personal information is transferred across borders, appropriate contractual and technical safeguards are applied, including standard contractual mechanisms where required.
No Sale of Data | Nevtan does not sell personal information to third parties and does not share data for third-party advertising purposes.
Our Privacy Policy is available at nevtan.com/privacy. For data processing commitments, request our Data Processing Addendum (DPA) at nevtan.com/dpa.
Nevtan continuously evaluates regulatory requirements, industry expectations, and evolving standards to support customers operating across multiple jurisdictions and industries.
Our compliance program is global by design — built to accommodate customers in different markets rather than being built for one region and adapted for others.
Program
Status
Notes
SOC 2 Type II
Targeting Q4 2026. Report will be available to customers under NDA upon completion.
ISO 27001
Planned for 2027 following SOC 2 Type II completion.
Annual Penetration Testing
Conducted annually by qualified third-party security assessors.
AI Security Governance
Formal AI security governance framework in development for 2026–2027.
Customers with specific compliance requirements may contact trust@nevtan.com to discuss current certification status, audit reports, or compliance questionnaires.
Nevtan's privacy program is designed to support compliance with major data protection frameworks across global markets. Our approach is based on implementing strong privacy controls universally, rather than selectively by jurisdiction.
Compliance Area | Our Approach
Data Privacy | Privacy controls are implemented globally and designed to meet the requirements of major data protection frameworks across the jurisdictions in which our customers operate.
Data Subject Rights | Rights including access, correction, deletion, portability, restriction, and objection are supported globally for all users of Nevtan Services.
Cross-Border Transfers | International data transfers are governed by appropriate contractual mechanisms. Our DPA includes standard contractual clauses and equivalent transfer tools where required.
Consent Management | Cookie consent, marketing opt-in, and communications preferences are managed through built-in tooling consistent with applicable law.
Breach Notification | Documented breach assessment and notification procedures are in place, with customer notification timelines aligned to applicable regulatory requirements.
Nevtan Sign supports electronic signature requirements across multiple legal frameworks globally. Electronic signatures created through Nevtan Sign are designed to meet applicable legal standards in the jurisdictions where customers operate.
Framework Type | Coverage
Simple Electronic Signatures | Supported across all standard signature workflows. Appropriate for the majority of business agreements globally.
Advanced Electronic Signatures | Supported with enhanced identity verification and audit trail capabilities.
Audit Trail & Integrity | Every signing event is recorded with a tamper-evident audit trail including timestamps, IP data, and authentication events, supporting evidentiary requirements across jurisdictions.
Long-Term Validity | Document and signature preservation features support long-term validity requirements for regulated document types.
Customers are responsible for determining whether a specific signature workflow meets the legal requirements of their jurisdiction and use case. Nevtan Sign documentation provides guidance on matching signature types to legal requirements.
Nevtan maintains technical and organizational measures designed to protect customer information throughout its entire lifecycle — from collection through deletion.
All data transmitted between users, applications, APIs, and Nevtan services is protected using modern transport encryption protocols across all products and services.
Customer data stored within Nevtan systems — including databases, backups, file storage, and configuration data — is encrypted at rest.
Role-based access controls and least-privilege principles govern all access to customer data. Access is reviewed periodically and removed when no longer required.
Logical controls isolate customer data within shared environments. Customer tenancies are maintained as separate data domains with appropriate access boundaries.
Customer data is backed up on defined schedules. Backup integrity is periodically verified. Recovery procedures are documented and tested.
Upon account termination, customers are provided a period to export their data. Following the export window, Customer Data is securely deleted from Nevtan systems.
Nevtan may offer AI-powered capabilities across its products and services. We are committed to responsible AI practices that maintain customer trust, transparency, and control.
AI Governance Area | Our Commitment
Data Use | Customer Data is not used to train public AI models without the explicit authorization of the customer. AI features operate on customer data only as necessary to deliver the requested output.
Transparency | We document how AI features work, what data they access, and what limitations apply. Customers can make informed decisions about which AI features to enable.
Human Oversight | AI-generated outputs are presented as inputs to human decision-making — not as final decisions. Customers remain responsible for reviewing and validating AI outputs.
Security | AI features are subject to the same security controls as the rest of the platform, including access management, encryption, and monitoring.
Privacy | AI processing is governed by Nevtan's Privacy Policy and Data Processing Addendum. Personal information is handled consistently with our broader privacy program.
Accountability | Nevtan maintains oversight of AI capabilities deployed across products, with ongoing review of AI behavior, quality, and risk.
Third-Party AI | Where AI capabilities are powered by third-party models or APIs, those providers are listed in our Subprocessor List and are subject to our vendor risk management process.
Our AI & Data Usage Policy is available at nevtan.com/ai-policy.
Customers who require formal contractual privacy commitments — including organizations subject to data protection regulations, enterprise procurement requirements, or cross-border transfer obligations — may enter into Nevtan's Data Processing Addendum (DPA).
The DPA provides contractual commitments covering:
The DPA is available for download and review at nevtan.com/dpa. Enterprise customers may contact legal@nevtan.com for executed DPA arrangements.
Nevtan works with carefully selected third-party service providers (subprocessors) to deliver infrastructure, communications, security, analytics, payment, and other operational functions that support the Services.
All subprocessors are evaluated before engagement based on:
Subprocessors are subject to contractual data protection obligations consistent with Nevtan's own commitments to customers. Nevtan remains responsible for the acts and omissions of subprocessors to the extent required by applicable law and the DPA.
A complete and current list of subprocessors is maintained and available at nevtan.com/subprocessors. Customers subscribed to DPA notifications will receive advance notice of material subprocessor changes.
Nevtan designs its infrastructure for high availability and operational resilience. Our teams continuously monitor the health, performance, and security of our platforms across all products and services.
Reliability Area | Our Approach
Infrastructure Redundancy | Critical infrastructure components are designed with redundancy to eliminate single points of failure and support continuous availability.
Monitoring | Continuous monitoring of infrastructure, application health, and security events enables rapid detection and response to incidents and anomalies.
Incident Management | Defined incident management processes govern detection, escalation, resolution, and post-incident review for all service-affecting events.
Maintenance | Planned maintenance is communicated in advance through our status page. We target minimal disruption and off-peak scheduling where possible.
Disaster Recovery | Disaster recovery plans and recovery runbooks are maintained and tested periodically to validate recovery time and recovery point objectives.
Data Backups | Customer data is backed up on defined schedules. Backup integrity is verified periodically to confirm recoverability.
Real-time service availability, incident updates, and maintenance notices are published at status.nevtan.com.
We encourage responsible reporting of potential security vulnerabilities affecting any Nevtan product or service. Nevtan is committed to working with security researchers and customers who identify and report issues in good faith.
If you believe you have identified a security vulnerability, please:
Nevtan will acknowledge all legitimate reports, investigate promptly, and communicate findings to the reporter where appropriate. We do not pursue legal action against researchers who report vulnerabilities in good faith through appropriate channels.
Nevtan may receive requests from government authorities, law enforcement, or regulatory bodies for access to customer information or records.
Nevtan's approach to such requests:
Customers who have questions about law enforcement request handling may contact legal@nevtan.com.
For trust, privacy, compliance, or security-related inquiries, please contact the appropriate team:
Team | Contact & Scope
Trust Team | trust@nevtan.com — General trust center inquiries, compliance questionnaires, enterprise assessments
Security Team | security@nevtan.com — Security vulnerability reports, security assessments, penetration test coordination
Privacy Team | privacy@nevtan.com — Privacy rights requests, data subject inquiries, DPA questions
Legal Team | legal@nevtan.com — Legal notices, DPA execution, contractual matters, law enforcement requests
All Nevtan trust and legal documentation is available below. Enterprise buyers and procurement teams should start with the Security Overview, DPA, and Subprocessor List.
Document
Description
URL
AI & Data Usage Policy
How AI technologies are governed and how customer data is handled
Data Processing Addendum
Formal data processing and privacy commitments for enterprise customers