SAFER

Safe Accessible Findable Enriched Responsible

We aren’t just putting an acronym to this; we are deadly serious about keeping your data safe and private.
So much so, that it is at the forefront of all our commercial and tech strategies.

CONTEXT

Allotap is the parent company to NALYC, both of which use your data uniquely but with the same level of high security.

THE MICROSOFT UMBRELLA

We won’t let you go outside when it’s raining without an umbrella for protection and we deal with your data in the same sensible way. As an authorized Microsoft partner, we work closely with Microsoft to ensure all processes are seamless as everything in NALYC exists in the Microsoft ecosystem. Our back-end servers are deployed on the AzureTM Cloud with constantly updated infrastructure and full redundancy in the event of server failure. In simple terms, we work with Microsoft to show how committed we are to data security; their infrastructure is proven to be reliable and safe.

Our offer to all NALYC users, no matter the subscription type:

Microsoft DefenderTM: a unified infrastructure security management system that confers powerful and advanced threat protection.

Azure Active Directory (Azure AD): the cloud-based identity and access management service which combines Microsoft 365 Defender identity with multi-factor authentication.

Azure Firewall: the intelligent network firewall security service provides threat protection.

NALYC and its parent company, Allotap, has received Azure Security Certification (AZ-500).

FACT: The Azure policy service confers the highest organizational and compliance standards in the market.

Now for the technological part.

ENCRYPTION

At Allotap, we are transparent so let’s get to the point why we don’t have the famous end-to-end encryption and why your data is still safe with us.

We all know that our WhatsApp’s are encrypted and this is one of the reasons why it is so popular. It’s important to note that WhatsApp’s have end-to-end encryption and emails do not. Everyone has tried to do this with emails but it’s complicated…really it is. The email providers would either need to count on everyone using the same provider (that means convincing your Apple obsessed iMail friend to use outlook) or the emails aren’t actual emails, but website links where the encryption is then applied. Alternatively, you use an ugly external tool to encrypt and decrypt the emails (like PGP). In a nutshell, it’s not possible for us and that means that NALYC is unsuitable for certain forms of high-risk exchanges – not just NALYC, the whole concept of email is unsuitable for those exchanges (we recommend Signal or Wire).

So, the golden ticket question: How does NALYC protect your data without end-to-end encryption? Well, it’s through encryption at-rest, at-work, and in-transit, but not end-to-end.

Data in-transit, between NALYC and you, are encrypted using HTTPS.

At-rest encryption means that all our databases, files, and all other stored data is encrypted when backed up and not in current use. This ensures that, in the event of unauthorized access, all data is protected by encryption rendering it unusable.

At-work encryption. First, the main database deploys encrypted data when used. Our search engine indexing cannot be fully encrypted. However, we protect the data fully through a firewalled VPN transfer connection. The database encryption allows NALYC to operate and support operations without running any risk of inadvertently exposing private data during maintenance. Administrators and programmers see the metadata connecting, can resolve bugs and improve performance without access to the content of your emails.

NALYC EMPLOYEES: TRAINED, MONITORED AND AUDITED.

That’s us – the best and most sensible of the crop!

All NALYC employees are bound by confidentiality agreements covering both code and data. They receive annual training in best security and privacy practices. Only those programmers or administrators who need access, have access. The access path is always monitored and requires select programmers to state the valid consent or justification for the specific access session throughout routine maintenance, debugging and/or servicing.

Allotap performs an internal annual security and privacy in compliance with Microsoft Azure Security policies.

BILLING INFORMATION

All payments are encrypted and processed through Stripe, following the Payment Card Data Security Standard (PCI DSS). Allotap does not have access to any personal credit card information. All billing details received by NALYC are provided through the Stripe API.

DATA DELETION

All data and back-ups held by NALYC are deleted within 30 days upon receipt of contract termination.

THIRD PARTIES AND DATA SECURITY

NALYC will never share our users’ data with any third-parties. There are no advertisers as we are 100% ad-free. We simply do not show anything that is yours to anyone else and we continuously work with Microsoft to test our system for vulnerabilities.

We’re going the extra mile because keeping your data safe is our number one priority.  If you have any questions or a data privacy concern, please contact info@nalyc.com.