What is Nines' approach to security?
Discerning households trust Nines with their data because our platform is held to high security standards at every level, from our internal infrastructure to your users’ daily login process. We apply comprehensive security frameworks (identify, protect, detect, respond and recover) to all in-house developed and maintained services.
- Nines holds a SOC 2 Type II report.
- Our software is developed in an ISO 27001 certified environment.
- We commission periodic penetration tests and vulnerability assessments.
The Nines platform
Nines is built on Amazon Web Services (AWS), using the strongest security controls AWS offers. To safeguard our platform, we:
- Encrypt all data, including backups, at rest and over the wire
- Store data by tenant, so every client account is separate from others
- Protect and isolate any sensitive data, such as personally identifying information
- Maintain and abide by a strict data governance policy
- Follow AWS best practices in monitoring for intrusion
- Monitor health metrics and application logs
- Run traditional error detection and uptime monitoring
Security is at the heart of all of our internal systems and processes.
- We use mobile device management (MDM) to manage all company devices and inventory all installed software
- Our security information and event management (SIEM) is powered by Microsoft 365 Defender
- Data classification is applied to 100% of documents, communications, and file sharing
- Data access records are monitored, and data is kept under version control through CI/CD
- Applications and environments are regularly scanned for vulnerabilities
- All software is managed through build and release (CI/CD) pipelines, with a structured code review and approval process, testing and linting, and code scanning and analysis for vulnerabilities and license verification
- All credit card transactions are outsourced to a third-party vendor, Stripe, so your payment information is always isolated from your account
- We follow a least-privilege access model for customer/PII and billing data
- We use secrets management with automated key rotation to protect your data
- Our private networks are isolated by environment and are only accessible over VPN
Our leaders in infrastructure, security and engineering joined Nines after building risk software for banks and hospitals, where data and security requirements are among the strictest in any industry. They have implemented the same security controls for our internal and external systems at Nines. If you have any questions about our security, please reach out to our team.
Your users
All users are held to high standards for login security, including:
- Strong password requirements
- The option to require two-factor authentication for all of your employees’ accounts
- Multi-factor authentication requires anyone logging into your account to enter a uniquely generated one-time code in addition to a username and password
- Multi-factor authentication is powered by an authenticator app rather than text messages; SMS codes can be intercepted or redirected (for example through SIM swapping) and are far easier to compromise
Our team
The team at Nines has no access to account data, including documents, photos and other household information. We operate under a number of security policies, including:
- Acceptable use
- Incident reporting and incident response
- Information classification
- Data management
- Mobile device management (all devices with company data are encrypted, and no user has administrator access on a company device)
- Access termination
- Role-based access control (RBAC) for all systems
- Note: we also run comprehensive background checks on all employees, including county criminal search (last seven years), motor vehicle report, national criminal search (standard), sex offender search, SSN trace, global watchlist search, employment verification, and I-9 employment eligibility