Security and Compliance

At Nifty, we are dedicated to protecting your data with top-tier security measures. Our commitment to security encompasses several key aspects to ensure the safety and integrity of your information:

GDPR COMPLIANCE

Nifty is compliant with the General Data Protection Regulation (GDPR) and leverages the privacy features built into Amazon Web Services (AWS) to ensure a secure environment. For the technical specifications of AWS, you can read more at:

• https://aws.amazon.com/security
• https://aws.amazon.com/compliance

SOC 2 COMPLIANCE

At Nifty, data security, privacy, and trust are our top priorities. We’ve earned the SOC 2 Trust Services Principles certification, highlighting our commitment to security. This certification means our organizational and technology controls undergo independent audits at least once a year. For the latest SOC 2 report, reach out to team@niftypm.com.

ISO CERTIFICATION

Nifty has achieved ISO 27001:2022 certification, a globally recognized standard for information security management. This certification confirms Nifty's commitment to upholding the highest standards of security, reliability, and trust in safeguarding customer data. For more information, contact team@niftypm.com.

END-TO-END DATA ENCRYPTION

We utilize end-to-end data encryption to safeguard your personal data throughout its entire journey. This means that your data is encrypted from the moment it leaves your device until it reaches its destination, ensuring that only authorized users can access it. Our encryption protocols adhere to industry standards to provide robust protection against unauthorized access.

CASA SECURITY CERTIFICATION

Our Cloud Application Security Assessment certifications underscores our adherence to rigorous cybersecurity standards. This certification confirms that we have implemented comprehensive security measures and best practices to protect your data. It reflects our ongoing commitment to maintaining a secure environment for all users. For the latest CASA security report, reach out to team@niftypm.com.

ONGOING VAPT TESTING

To ensure the continued security of our systems, we undergo regular Vulnerability Assessment and Penetration Testing (VAPT) by independent third parties. This proactive approach helps identify and address potential vulnerabilities, ensuring that our security measures remain effective and up-to-date.

NETWORK + DATA SECURITY

We're provided with reports, certifications, and third party assessments of Amazon's data center that ensures round-the-clock airtight security, which means the same team who can get a package to your door overnight is the team who are watching your servers every minute.

APPLICATION & INFRASTRUCTURE SECURITY

Nifty's platform is secured and protected in the following ways:

• All data is end-to-end encrypted over SSL which is unable to be viewed by a third party. This is financial-institute level security.
• Nifty has earned SOC 2 compliance certification, with annual independent audits guaranteeing the highest level of platform and data security.
• Nifty has achieved ISO 27001:2022 certification, a globally recognized standard for information security management.
• Nifty maintains ongoing Level 1 PCI compliance which is top-level credit card storage and processing standards.
• We actively monitor ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis, as well as contract third parties for independent penetration testing.
• We have daily backups stored on separate servers to maintain data security and viability.
• We offer Single-Sign-On and 2FA login security as an on-boarding option.

QUESTIONS ABOUT SECURITY OR COMPLIANCE?

Nifty is located at 315 W 36th St, New York, NY 10018. If you wish to contact us or have any questions about Security, please contact us at team@niftypm.com.