Security & Data Protection

NovaSell is committed to maintaining the highest standards of security and data protection. Learn about the measures we've implemented to keep your data safe.

Our Security Approach

At NovaSell, we understand that your CRM data represents one of your most valuable business assets. That's why we've designed our platform with security at its core, implementing multiple layers of protection to safeguard your information.

Our comprehensive security program follows industry best practices and includes robust technical controls, regular security assessments, employee training, and clearly defined policies and procedures.

Enterprise-Grade Security

Our infrastructure is hosted in SOC 2 compliant data centers with 24/7 monitoring, intrusion detection, and physical security controls.

Data Encryption

All data is encrypted both in transit (using TLS 1.2+) and at rest (using AES-256 encryption), ensuring your information remains protected.

Data Backups

Automated backups are performed multiple times daily with geo-redundant storage and point-in-time recovery capabilities.

Access Controls

Comprehensive role-based access controls, multi-factor authentication, and single sign-on options keep your account secure.

Regular Testing

We conduct regular vulnerability scans, penetration testing, and code reviews to identify and address potential security issues.

Incident Response

Our dedicated security team maintains a comprehensive incident response plan to address potential security events quickly and effectively.

Compliance & Certifications

GDPR Compliance

NovaSell is fully compliant with the General Data Protection Regulation (GDPR), providing tools and features to help you manage your data protection obligations.

  • Data subject access requests
  • Right-to-be-forgotten capabilities
  • Data portability tools
  • Consent management features

SOC 2 Type II

NovaSell has successfully completed SOC 2 Type II audits, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy.

Our SOC 2 Type II reports are available to customers and prospective customers under NDA.

ISO 27001

NovaSell maintains ISO 27001 certification for our information security management system, covering all aspects of our service delivery.

This certification validates our systematic approach to managing sensitive company and customer information.

For detailed information about our compliance certifications or to request compliance documentation, please contact our security team at security@novasell.com.

Our Security Practices

Application Security

We follow secure development practices and perform rigorous testing to ensure the security of our application:

  • Secure software development lifecycle (SSDLC)
  • Regular security testing, including testing for OWASP Top 10 vulnerabilities
  • Static and dynamic application security testing
  • Third-party security review and penetration testing
  • Continuous security monitoring and automated vulnerability scanning

Network Security

Our network infrastructure employs multiple layers of security controls:

  • Web application firewalls (WAF) to protect against common web exploits
  • DDoS protection to ensure service availability
  • Network segregation and security groups
  • Intrusion detection and prevention systems
  • Regular network vulnerability assessments

Operational Security

Our team follows strict security protocols in our day-to-day operations:

  • Security awareness training for all employees
  • Background checks for staff with access to production systems
  • Access controls based on the principle of least privilege
  • Multi-factor authentication for all internal systems
  • Centralized logging and monitoring with alerting
  • Formal change management and approval processes

Shared Security Responsibility

While we implement robust security measures, security is a shared responsibility between NovaSell and our customers.

Customer Security Best Practices

We recommend the following security practices to maximize the protection of your data:

Use Strong Authentication

Enable multi-factor authentication for all users and use strong, unique passwords.

Implement Role-Based Access

Configure appropriate user roles and permissions based on the principle of least privilege.

Regular User Reviews

Periodically review user accounts and remove access for users who no longer require it.

Data Management

Implement policies for data retention and regularly review and clean up unnecessary data.

Security Training

Educate your team on security best practices and potential threats like phishing.

Secure Endpoints

Ensure devices accessing NovaSell have current security patches and anti-malware protection.

Security FAQ

How does NovaSell handle security incidents?

We maintain a formal incident response plan that includes detection, analysis, containment, eradication, and recovery phases. If an incident occurs that affects your data, we will notify you promptly with details about the incident and steps we're taking to address it.

Where is my data stored?

NovaSell uses enterprise-grade cloud infrastructure with data centers located in the United States and the European Union. We can provide region-specific data storage for customers with geographic requirements.

How can I report a security concern?

If you discover a potential security vulnerability or have security concerns, please contact our security team immediately at security@novasell.com. We appreciate responsible disclosure of security issues.

Does NovaSell conduct background checks on employees?

Yes, we conduct background checks on all employees, with enhanced screening for team members who have access to production systems or customer data. All employees also sign confidentiality agreements and receive regular security awareness training.

How often are security assessments performed?

We conduct regular security assessments, including vulnerability scanning (weekly), penetration testing (quarterly), and comprehensive third-party security audits (annually). We also perform continuous automated security monitoring.

For more information about our security practices or to discuss specific security requirements, please contact our team at security@novasell.com.