Security & Data Protection
Security is foundational to NOVA HUB. We engineer the platform so that financial leaders can operate with confidence — knowing their data is encrypted, access is controlled, and the infrastructure is monitored around the clock.
Last updated: June 2026
1. Data Encryption
All data in transit between your browser and NOVA HUB is encrypted with TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed by our cloud infrastructure providers and rotated according to industry best practices.
2. Authentication
NOVA HUB authenticates users through our trusted identity layer, which supports modern password hygiene and multi-factor authentication (MFA). Sessions are short-lived, automatically refreshed, and revoked on sign out. Suspicious sign-in activity triggers additional verification.
3. Access Controls
The platform enforces role-based access control (RBAC) with least-privilege defaults. Administrators can scope visibility to teams, roles, and individual users. Privileged operations are recorded in audit logs for accountability and review.
4. Infrastructure Security
- Hosted on hardened, SOC 2-aligned cloud infrastructure.
- Network segmentation and managed firewalls protect production systems.
- Continuous monitoring, intrusion detection, and automated alerting.
- Encrypted, geographically redundant backups with defined recovery objectives.
- Routine vulnerability scanning and patch management.
5. Privacy Commitment
NOVA does not sell personal information and only processes data for the purposes described in our Privacy Policy. Subprocessors are vetted for security maturity and bound by contractual confidentiality and protection obligations.
6. Responsible Disclosure
We welcome reports from the security research community. If you believe you have discovered a vulnerability in NOVA HUB, please email info@novabsc.com with a clear description and steps to reproduce. We commit to acknowledging valid reports promptly and working in good faith to resolve them.
Please do not publicly disclose findings before we have had a reasonable opportunity to investigate and remediate.
Note
This document is a working template provided for transparency. It should be reviewed by qualified legal counsel before being relied upon for compliance purposes.
