Security Compliance

1. Security Overview

Before going any further, please review our Privacy Policy and Terms and Conditions so that you understand how we use your data.


We take information security very seriously and apply information security best practices across the entire stack, from infrastructure to code, to keep your data as safe as possible.

2. Product Overview

nerd.vision is designed to help you debug and collect data quickly and safely in any environment from development to production without redeploying your code.


We have thousands of customers who trust us and our products to monitor and debug their applications, enabling them to identify and respond faster to performance and stability problems.


nerd.vision works like this:

-- The user has an application they want to debug. They install the nerd.vision agent in that application. The agent connects to our service to receive breakpoint settings and to send data snapshots (the values in scope when a breakpoint is hit) to nerd.vision. The data snapshots are automatically deleted from nerd.vision over time.

-- The user connects, via their web browser, the source code repository for their application to nerd.vision. We do NOT have access to your source code; it stays local to your browser. Note that this applies to source code only: the snapshot data collected by the agent is transmitted to and held by nerd.vision until it is deleted.

-- nerd.vision shows the breakpoint snapshot data received from the application to the user, or forwards it to the integrations that the user selects.

3. Security Training / Policy

Our employees are required to conduct themselves in a manner consistent with the company’s guidelines, including those regarding confidentiality, business ethics, appropriate usage, and professional standards. All newly hired employees are required to sign confidentiality agreements and to acknowledge the Intergral code of conduct policy. The code outlines the company’s expectation that every employee will conduct business lawfully, ethically, with integrity, and with respect for each other and the company’s users, partners, and competitors. Processes and procedures are in place for on-boarding and off-boarding employees, including the granting and revocation of access.

Employees are provided with security training as part of new hire orientation.


Processes

We only process data that is necessary for us to conduct business. All personal data is processed in a GDPR-compliant manner. For more information on how we process data, please see our Privacy Policy.


4. Technology

Data Center (AWS) 

nerd.vision’s servers, applications, datastores and services are hosted on the AWS (Amazon Web Services) platform in facilities compliant with leading security standards, including PCI DSS Level 1, ISO 27001, ISO 27018, ISO 9001, SOC 1, SOC 2, SOC 3 and many more. These attestations cover the underlying AWS infrastructure; the secure configuration of the services we run on it remains our responsibility. For more details, please see the AWS compliance programs and the AWS Security Whitepaper.

Identity Management (Auth0)

We use Auth0 as the identity management provider for nerd.vision. Auth0 is compliant with leading security standards, including PCI DSS Level 1, ISO 27001, ISO 27018, SOC 2 Type II and many more. For more details, please see Auth0 Security and Compliance.

Payment Processor (Stripe)

We use Stripe as the payment processor for nerd.vision. Stripe is compliant with leading security standards, including PCI DSS Level 1, SSAE 18/SOC 1 Type 1 and Type 2, SSAE 18/SOC 2 Type 1 and many more. For more details, please see Security at Stripe.

5. Certifications and Standards

ISO 27001

Our data center (AWS), identity management (Auth0) and payment (Stripe) providers are all ISO 27001 certified.

SOC 2

Our data center (AWS), identity management (Auth0) and payment (Stripe) providers all hold SOC 2 attestations.

PCI

We are PCI certified to take credit card payments and handle the associated data. We follow PCI best practices with regard to the encryption and transmission of credit card information, and we do not store this information on our servers; card data is handled by our payment processor.


Our data center (AWS), identity management (Auth0) and payment (Stripe) providers are all PCI DSS Level 1 certified.


HIPAA

nerd.vision is designed to be functional and secure, but not specifically for compliance with HIPAA regulations. There is overlap between our security controls and HIPAA’s requirements, but not complete overlap. Breakpoint snapshots capture whatever data is in scope in your application at the time, and we have no way to determine whether that data contains PHI (protected health information), so we have to place the responsibility on you. This means that it is not feasible for us to take legal responsibility for your PHI, and we cannot sign a BAA.


If HIPAA compliance is a requirement, please consider carefully whether nerd.vision is an appropriate service. We’d be happy to talk in more detail if you have questions about the possibility of using nerd.vision safely in a HIPAA-covered environment. Notably, if the focus is on application behavior and performance, and the data reaching the agent has been de-identified or anonymized, HIPAA compliance may not be required and nerd.vision may be able to serve your needs.



General Data Protection Regulation (GDPR)

We are GDPR compliant. See our GDPR page for more information about the steps we’ve taken to reach compliance as well as resources for understanding GDPR.