Security at Noloco

At Noloco, we stand by the principle that your business needs should shape your software tools, not the other way around. Our robust platform equips you with the ability to craft an array of custom applications, without requiring any technical expertise. From streamlining internal processes, to automating complex workflows, to managing the intricate details of your operations, Noloco empowers business leaders and employees alike to re-engineer traditional practices and propel their efficiency to new heights.

Inherit in Noloco's versatility is its use across an array of confidential and crucial business scenarios. With this in mind, we view privacy and security as integral components of our platform and foundational in all new feature developments. Earning and maintaining the trust of our users is paramount to us; hence, we adhere to the strictest privacy and security standards.

ISO/IEC 27001 certification

ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organisation's information risk management processes.

View Certificate

Network and system security | Encryption

The data we store for your Noloco app(s) and the transmission of information between your device and our servers is protected using 256-bit TLS encryption. This data is encrypted at-rest. As mentioned, these security standards will be verified and validated upon achieving our SOC 2 Type 1 accreditation under Infrastructure Security practices in H1 2023.

Noloco's servers are located in Ireland (Europe), in data centres that are SOC 1, SOC 2 and ISO 27001 certified. Noloco's data centres have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

Service reliability and durability

Noloco utilises industry-leading Amazon Web Services (AWS) hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Noloco maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed.

Application security

Noloco runs automated application-level security scans and package dependency security advisory scans on a daily basis. In addition to internal scans.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Noloco.

Product security

Within the Noloco product,  user roles and permissions can be managed per Noloco app. These permissions allow you to control who can access what data and whether they can modify the records or fields that you’ve shared with them. Noloco also enables you to restrict access to an app with an email and password.

Noloco supports SAML-based Single Sign On (SSO) for apps on the Enterprise Plan. Additional information is available here.

How to report an issue

If you believe you’ve discovered a security-related issue, please contact us at security@noloco.io.