Nodes & Links maintains ISO 27001 and UK Cyber Essentials credentials, which provide independent assurance that security controls meet global best practice standards. We also undertake penetration testing across the entire platform, performed by independent, certified experts. Relevant certificates are shared during formal infosec reviews.
The platform runs on AWS and uses logical tenant isolation enforced at the API and data layers to protect each customer’s environment. By default, we can host data in the USA, EU, UK and AUS. Additional regions are available upon request.
Yes—host-level firewalls are enabled on corporate endpoints, and network security controls align with ISO 27001 guidance for network protection.
Customer data is never shared across customers, and confidentiality is governed by NDAs and strict authorization. Data is logically segmented at the datastore level with tenant identifiers enforced at the API layer so each customer can only access their own data.
All databases, data stores, and file systems are encrypted using AES-256, and all external data transmissions are end-to-end encrypted with TLS using strong protocols and ciphers. Keys are managed and rotated via AWS.
Backups of customer and system data are taken daily, encrypted like production data, replicated to a separate AWS region, and continuously monitored.
Access follows role-based access control and the least-privilege principle, with verified identity, unique accounts, annual access reviews, and mandatory MFA for privileged accounts.
Security is embedded across all SDLC phases with threat modeling, code reviews, OWASP-aligned secure coding, segregation of environments, and independent testing in non-production environments.