Introduction

This document answers some common questions about NxtPort’s Information Security Policy.

Data Centers

NxtPort’s goal is to enable you to share your information through API’s. For most use cases NxtPort collects your Data, stores it and indexes it. At all times do you, the Data Provider, keep full ownership over your Data. Protecting your Data and the Data of your customers is extremely important to us.
If this document does not answer your questions and you require more in-depth information about NxtPort’s Information Security Policy, please do not hesitate to contact us at via support.nxtport.com or email (support@nxtport.com).

The NxtPort platform runs on the Microsoft Azure Cloud platform and therefore in Microsoft’s datacenters. Microsoft cloud services are audited at least annually against SOC 1 (SSAE18, ISAE 3402) and SOC 2 (AT Section 101) standards. More information is available on the Microsoft website.

The NxtPort platform deploys services on (Tier 4) Microsoft Azure data centers in West Europe only.

Misuse

NxtPort strives to be compliant and reliable. Only authorized parties can access live data. A Data User can only access Data if the Data Provider allows it. NxtPort also monitors API usage and takes action if we detect any suspicious activity, NxtPort will take immediate actions such as suspending access, contacting the Subscriber and/or contacting the Data Provider.

Application Security

NxtPort knows how important software security is. We scan our code for vulnerabilities regularly and also:

• Transfer and encrypt your Data securely
• Perform regular independent penetration tests
• Get audited regularly by independent parties
• Have ISO 27001 and 27002 certificates

If you find a vulnerability in a NxtPort site or service, please follow our responsibility disclosure policy

Operational Security

Only people who need access to NxtPort systems and your Data can access them. We provide you with the best support possible. NxtPort keeps its development, test and production environments separate. Every company and employee who works for NxtPort or on its behalf has:

• Signed security clauses
• Signed confidentiality agreements
• Termination/access removal processes
• Acceptable use agreements

Security is everyone’s responsibility at NxtPort. We train our staff to identify and prevent and respond to security risks and security incidents.

Business Continuity/Disaster Recovery

By using the Microsoft Azure Cloud platform, which has redundant and geographically separate data centers, NxtPort can provide you with consistent services. All service layers (ingestion, storage, processing, API management and identity management) are deployed with redundancy to allow for quick recovery in case a single data center fails.

Privacy

You can also review the  NxtPort privacy policy, but we want to assure you that we fully respect the confidentiality of your Personal Data.