Enterprise buyers evaluate trust first. This is how NILARA protects your work, your records, and your decisions — and how we help you meet your own obligations.
Defense-in-depth across identity, data, and infrastructure.
Encryption in transit and at rest; backups and recovery.
Least-privilege, role-based access across the suite.
Groups, roles, and per-document rules.
Immutable, ordered, exportable activity trail.
Industry-standard encryption for data and transport.
Built to support regulated and quality-managed work.
Defined detection, response, and notification process.
Regional hosting options for regulated deployments.
Reviewed providers under data-protection terms.
Every action in NILARA is attributed to a person and a rule, kept in order, and exportable as a complete record. That’s what makes audit readiness the normal state rather than a scramble — and what auditors, regulators, and partners tend to ask for.
Enterprise single sign-on with your identity provider.
Automatic user lifecycle from your directory.
Multi-factor authentication on every account.
Least-privilege roles govern OS, Vault, and Flow together.
TLS 1.2+ in transit; AES-256 at rest.
Automated backups with tested restore procedures.
Regional hosting options for regulated deployments.
Private-cloud and dedicated-tenant options.
Defined detection, containment, and customer notification.
Report vulnerabilities to security@nilara.io; we coordinate fixes in good faith.
Reviewed providers under written terms — see the Subprocessor List.
security@nilara.io — monitored by the engineering team.
NILARA is built to support regulated and quality-managed environments — and we hold ourselves to the same standard of proof we sell. Formal certifications will be published as NILARA completes external audits. We do not claim SOC 2, ISO 27001, HIPAA, or GDPR certification before it is true; ask us where each stands for your deployment.
Trust Center last reviewed: July 2026.
NILARA is built to support regulated and quality-managed environments. Specific certifications, attestations, and controls should be confirmed for your deployment. NILARA supports your compliance program; it does not replace your obligations.
NILARA gives security, legal, and procurement teams the controls they expect before enterprise adoption — identity, encryption, tenant isolation, auditability, data residency, access governance, and incident response — each with evidence you can request.
AES-256 at rest and TLS 1.2+ in transit protect NILARA data across storage, application traffic, and backups. Key management, rotation, and backup encryption can be reviewed under NDA.
Enterprise identity through SAML 2.0 SSO with workspace-level enforcement and centralized access policies — IT connects NILARA to your identity provider and controls access through existing corporate authentication.
SCIM provisioning creates users, applies role changes, and deprovisions access when people leave or move teams — keeping NILARA aligned with your HR and identity systems and cutting manual access risk.
MFA can be required by policy for sensitive workspaces, admin users, external collaborators, or regulated teams, with enforcement based on role, region, and workspace.
NILARA records access changes, approvals, document actions, workflow decisions, exports, and admin updates in a tamper-evident trail that’s exportable for legal, security, and compliance review.
Enterprise deployments can be configured for selected hosting regions, including Canadian residency where required. Residency is documented during procurement and aligned to your legal and privacy needs.
Encrypted backups and documented recovery objectives support enterprise deployments. Backup frequency, retention, and recovery testing are available during security review.
Customer environments are logically separated by tenant boundaries, access rules, workspace policies, and data segmentation across application, database, storage, and audit layers.
A defined process covers detection, triage, containment, customer notification, remediation, and post-incident review. Notification timelines and contacts are set in enterprise agreements.
Researchers and customers can report vulnerabilities through a responsible-disclosure process with intake, acknowledgement, triage, remediation, and communication expectations at security@nilara.io.
Security-relevant activity is logged and monitored across authentication, access changes, admin actions, exports, and failed logins, with alerts routed to the internal security team.
NILARA supports periodic access reviews for users, roles, external collaborators, privileged accounts, and inactive accounts, with review records exportable for auditors and governance teams.
Idle timeout, session expiry, and forced re-authentication for sensitive actions can be enforced by policy, with tighter controls for admins and regulated workspaces.
Admin roles carry permission scopes, workspace-level controls, user-lifecycle management, and view-as-user for support — so administrative power is bounded and auditable.
Who can export, what is exported, and when is governed and logged. Sensitive exports can require approval, and external copies can be watermarked.
External collaborators get temporary, restricted workspace visibility with expiration dates, revocation, and full audit logging — no standing outside access.
A current subprocessor list documents vendor, region, purpose, and data category, with update notifications so your team can track changes.
SOC 2 and ISO 27001 are on the roadmap; HIPAA readiness is deployment-specific; GDPR and PIPEDA alignment support customer-specific review. We share the plan and current status honestly.
We don’t overclaim. Here’s the current status of the documents and reports security and procurement teams request.
| Area | Current status | Under NDA |
|---|---|---|
| Security overview | Available | Yes |
| Architecture diagram | Available | Yes |
| Data Processing Agreement (DPA) | Available | Yes |
| Subprocessor list | Available | Yes |
| Data residency options | Available | Yes |
| Penetration test summary | Under NDA | Yes |
| HIPAA readiness | Deployment-specific | Yes |
| SOC 2 Type II | Roadmap | — |
| ISO 27001 | Roadmap | — |
Request the security packet or an NDA at security@nilara.io.
We’re happy to walk through architecture, controls, and data handling in detail.