How Do We Secure Data at Nelly?

At Nelly, safeguarding our practices and patients data is a top priority. We understand that data security requires a comprehensive approach, integrating robust legal frameworks and cutting-edge technical measures. Our commitment to data privacy ensures that all data  remains strictly confidential, secure, and used only for its intended purpose. 

Below, we outline how we secure data from both legal and technical perspectives.

Compliance and Regulatory Adherence

We comply with international, national, and industry-specific regulations to uphold the highest standards of data protection. Our legal approach to data security includes:

1. Compliance with Global Data Protection Laws

Nelly adheres to key data protection laws, including:

  • General Data Protection Regulation (GDPR) – Ensuring the rights of EU citizens are protected through data minimization, transparency, and user consent.
  • Digital Operational Resilience Act (DORA) – Strengthening IT security resilience in the financial sector and ensuring compliance with operational risk management.

2. Transparent Data Usage Policies

We maintain clear and concise privacy policies outlining:

  • The types of data collected.
  • The purpose of data collection and processing.
  • The legal basis for data processing.
  • How data is shared with third parties (if applicable).
  • Customer rights regarding data access, modification, and deletion.

3. Contractual Agreements and Data Protection Addendums

We enforce strict contractual obligations with partners and vendors to ensure:

  • Compliance with data protection laws.
  • Adequate security measures to prevent unauthorized access or data breaches.
  • Proper handling of data transfers in compliance with applicable laws.

Advanced Security Measures

Our technical approach to data security incorporates best-in-class solutions designed to protect against cyber threats, unauthorized access, and data leaks.

1. Data Encryption and Secure Storage

We employ encryption techniques to safeguard data:

  • At Rest: All data is encrypted using industry using AES-256 encryption.
  • In Transit: Modern TLS protocols secure data exchanged between users and our servers.
  • Database Security: Multi-layered encryption protects stored information.

2. Identity and Access Management (IAM)

To prevent unauthorized access, we implement:

  • Multi-Factor Authentication (MFA): Ensuring only authorized users can access sensitive systems.
  • Role-Based Access Control (RBAC): Limiting data access based on job roles (“need-to-know principle”).
  • Privileged Identity Management (PIM): Providing just-in-time privileged access to minimize risk and prevent unauthorized administrative actions.
  • Regular Access Audits: Monitoring and updating permissions as needed.

3. Network and Infrastructure Security

Our infrastructure is protected by:

  • Firewalls and Intrusion Detection Systems (IDS): Preventing unauthorized access attempts.
  • Zero Trust Architecture: Validating users and devices before granting access.
  • Regular Security Patching: Ensuring all systems are updated to defend against vulnerabilities.

4. Data Center Locations and Security

Our primary data storage is hosted in Amazon Web Services(AWS) Frankfurt region, ensuring compliance with EU data protection regulations and industry security standards. Additionally, our infrastructure includes:

  • Geo-redundant encrypted backups across multiple secure AWS regions.
  • Data sovereignty and regulatory compliance in accordance with local laws.
  • 99.99% uptime reliability through failover and disaster recovery mechanisms.

5. Data Anonymization and Masking

To reduce risk, we:

  • Mask personal data in non-production environments.
  • Anonymize data where full user identification is unnecessary.
  • Implement pseudonymization techniques to enhance privacy.

6. Continuous Monitoring and Threat Detection

We deploy:

  • Threat Detection: Identifying and mitigating threats in real-time.
  • 24/7 Security Monitoring: Constant oversight of system activities.
  • Security Incident Response: Rapid action on security alerts.

7. Regular Security Audits and Penetration Testing

We conduct:

  • Internal and external security audits to assess vulnerabilities.
  • Ethical hacking and penetration testing to simulate cyberattacks and identify weaknesses.
  • Compliance assessments to ensure adherence to regulatory standards.

Commitment to Ongoing Security Enhancements

At Nelly, data security is a continuous effort. We invest in:

  • Employee commitments and training programs on cybersecurity best practices.
  • Cutting-edge security technologies to stay ahead of evolving threats.
  • Customer education initiatives to promote data safety.

By integrating robust legal frameworks and advanced technical safeguards, we ensure that our customers' data remains secure, private, and protected. Our mission is to foster trust and confidence in every interaction, reaffirming our unwavering commitment to data security.

For further inquiries on how we secure your data, please contact our Privacy and Security Team at security@nelly-solutions.com