Security

All traffic between your device and NILify is encrypted with TLS 1.2+ (HTTPS). Data at rest is encrypted using AES-256 on our managed cloud database and object storage.

Passwords are never stored in plaintext; we use industry-standard one-way hashing. We offer email and SMS verification flows, parental approval for minors, and are rolling out optional two-factor authentication.

Customer data is isolated by row-level security policies in our database. Production access for engineers is scoped, logged, and reviewed.

We log application events, authentication activity, and admin actions. Suspicious patterns (rapid login attempts, scraping behavior) trigger automated mitigations.

We work with reputable infrastructure and payment partners (managed cloud database, Stripe, Twilio, Postmark) and review their security posture and data-processing commitments.

If we detect a security incident affecting your personal information, we follow a documented response process: (1) contain and assess scope within 72 hours of confirmation; (2) preserve evidence and engage qualified responders; (3) remediate the underlying issue; (4) notify affected users without unreasonable delay and consistent with applicable law (including U.S. state breach-notification statutes and, where applicable, GDPR Article 33's 72-hour regulator notification). Notices will describe what happened, the categories of data involved, steps we're taking, and what you can do. Parents/guardians of minors will be notified using the parent contact on file.

Use a strong, unique password and enable two-factor authentication under Account · Security. Never share verification codes. NILify will never ask for your password by email or SMS.

Email hello@nilify.ai with the subject "Security." Please give us a reasonable time to fix before disclosing publicly. We appreciate responsible disclosure.