Security Practices

Security and Privacy
For detailed information about our security and privacy practices, you can view our privacy policy. Below are some highlights.

Data centers and security measures
NUCO BOI Compli’s servers are hosted at DigitalOcean.

Hosted Infrastructure Details
DigitalOcean infrastructure have strong safeguards to protect customer privacy. All data is stored in highly secure data centers. For a detailed overview of all security and privacy measures, see the DigitalOcean Security page.

Additional security measures

• Data center security: Our data centers demonstrate ongoing compliance with rigorous international standards, such as SOC2 Type 1.
• Access control: We restrict access to personal data only to our employees, contractors, and agents who need to know this information to operate, develop, or improve our service. Employees can only access accounts if they have explicit permission from an account owner or the account is in review for compliance with the NUCO BOI Compli terms of service.
• Confidentiality agreements: Employees, contractors, and agents are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
• App security: All access to the NUCO BOI Compli interface is secured over SSL (HTTPS), ensuring the information is encrypted. Our SSL configurations are regularly and automatically scanned to ensure we can quickly remediate any vulnerabilities discovered, such as Heartbleed.
• Fully redundant servers for the services.
• Secure protocols (SSL / TLS) across the service endpoints.
• Separately hosted documentation and marketing site.
• 256-bit SSL encryption on the web app and payment processing.
• All passwords are stored using one-way cryptographic hashing functions.
• Hardened and patched OS with frequent security updates.

Data retention
Data is retained indefinitely. Clients can request that their information be deleted at any time.