Security you can trust

Nowadays protects the events, contacts, and communications you share with us. Here is how we secure that data, and where you can review our controls and documentation for yourself.

Compliance

A formal security program stands behind everything below, with controls monitored continuously.

SOC 2 Type II

In progress, with controls monitored continuously.

GDPR and CCPA

Aligned for data privacy and user rights.

Independent penetration test

Run by a third-party firm in 2026, with findings tracked to closure.

Security policies

18 policies covering access, cryptography, risk, and vendors, reviewed annually.

Vendor risk

We require data processing agreements with subprocessors that handle customer data.

View our subprocessors and security documentation in the Trust Center

Data protection

Your data is encrypted, backed up, and yours to control.

Encryption in transit

TLS 1.2+, with HTTPS enforced site-wide through HSTS.

Encryption at rest

AES-256 for all data stored in our database.

Backups

Automated, with documented recovery procedures.

Ownership

Export or delete your data on request.

Minimization

We collect only what running your events requires.

AI and data governance

We are an AI product, so we govern how models use your data as carefully as the data itself.

No model training

We require AI providers not to train their models on your data.

Provider agreements

We require data processing agreements with the AI providers we use.

Scoped access

Model access to your data is limited to the features that need it.

AI policies

Dedicated AI governance, responsible-AI, and AI privacy policies.

Access and application security

Every request is authenticated, and security is built into how we ship code.

Authentication

Industry-standard password hashing through a managed authentication provider.

Sessions

Email verification for new accounts and automatic session expiration.

API security

Bearer-token validation on every non-public route.

Access control

Role-based access, with tenant data isolated at the database level.

Injection defense

Parameterized queries and input sanitization guard against SQL injection and cross-site scripting.

Secure development

Code review and automated tests in CI before changes ship.

Infrastructure and availability

We run on audited cloud platforms with defenses at the network edge.

Cloud platforms

Independently audited cloud hosting and database providers.

Network

Managed DDoS protection and network isolation at the edge.

Monitoring

Access and activity logging for investigation.

Continuity

Documented business continuity and disaster recovery plans.

Incident response

We maintain an incident response plan and welcome reports from security researchers.

If a security incident affects your data, we will notify you promptly with clear information about what happened and how we responded. Follow live system status at status.nowadays.ai, and report a suspected vulnerability to security@nowadays.ai.

Contact

General questionssupport@nowadays.ai
Security and vulnerabilitiessecurity@nowadays.ai
Compliance and documentstrust.nowadays.ai

Last updated: July 2026