NimbleBooks is a software-as-a-service platform for billing & invoicing
solution.
This document
outlines the security architecture of NimbleBooks as well as topics related to the security of your
data.
The NimbleBooks platform is deployed and runs on Amazon Web Services in the eu-central-1 region of AWS located in Hong Kong. NimbleBooks utilizes 3rd party services, such as Strip (online payment) etc.
NimbleBooks leverages a set of best-practices that guarantee the system security and data privacy:
We’re committed to the security of our customers’ data and provide multiple layers of protection for the personal and financial information you trust to NimbleBooks.
As a NimbleBooks customer you have the flexibility to invite unlimited users into your account to collaborate on your data, and the person that holds the subscription has control over who has access and what they are able to do. Our customer support staff cannot access your information unless you invite them to help. Please see our privacy policy for further information.
We encrypt all data that goes between you and NimbleBooks using industry-standard TLS (Transport Layer Security), protecting your personal and financial data. Your data is also encrypted at rest when it is stored on our servers, and encrypted when we transfer it between data centres for backup and replication.
NimbleBooks takes a “defence in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. NimbleBooks’s security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
NimbleBooks’s servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. NimbleBooks maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.
NimbleBooks’s Security team continuously monitors security systems, event logs, notifications and alerts from all systems to identify and manage threats.
With a record of 99.97% uptime, NimbleBooks delivers best-in-class availability. We use multiple redundancy technologies for our hardware, networks, data centres and infrastructure. These ensure that if any component fails, NimbleBooks will keep on running – with little or no disruption to your service.
NimbleBooks has been designed to grow with your business. Our high performance servers, networks and infrastructure ensure we can deliver quality service to you and our hundreds of thousands of other users.
NimbleBooks performs real-time data replication between our geographically diverse, protected facilities, to ensure your data is available and safely stored. This means that should even an unlikely event occur, such as an entire hosting facility failure, we can switch over quickly to a backup site to keep NimbleBooks and your business running. We transmit data securely, across encrypted links.
We’re constantly enhancing NimbleBooks, delivering new features and performance improvements. Updates are delivered frequently, with the majority of them being delivered without interrupting our service and disrupting users.
We design security into NimbleBooks from the ground up. However, there can be risks to working and playing online. Whether you’re shopping, banking, doing your accounts, or simply checking your email, cyber criminals and scammers are always looking for ways to steal money or sensitive information. There are precautions you can take to reduce the risks and help keep you safe from harm online. Take a few minutes to read our introduction to cloud security, and see below for information about how to identify and deal with scams and malicious phishing emails.