Thousands of companies around the world benefit from Nintex’s Workflow platform and Document Generation applications. Nintex is committed to maintaining the security and reliability of all our products.
Nintex customers who access the Nintex Workflow platform have user accounts that are controlled and managed based on the applicable product platform architecture. Nintex for Office 365 accounts are managed via access controls in customers’ Office 365 platforms. Nintex Document Generation accounts are managed via access controls in customers’ Salesforce platforms. Nintex SharePoint accounts are managed in customers’ on-premises SharePoint installations.
Only Nintex production operations engineers can access customers’ environments. Our global Production Operations team maintains a user account for the purposes of maintenance and support. Team members will access customer environments only to monitor application health or perform system maintenance. Secure VPN and two-factor authentication are required for team members to access environments remotely.
Access to data center facilities and other physical security controls for our cloud-based offerings are tightly regulated according to standards outlined for Microsoft Azure or HOSTING. Nintex Workflow for Office 365, Nintex Forms for Office 365, Nintex Connectors and Nintex Mobile are hosted on Microsoft Azure. The Nintex Drawloop Document Generation application resides on the HOSTING cloud platform.
Our SharePoint offerings, including Nintex Workflow for SharePoint, Nintex Forms for SharePoint and Nintex Mobile, store information on individual devices or servers within the customer’s infrastructure. The customer manages all access controls for these assets.
Nintex maintains a high level of security for the Nintex Workflow platform. All of our security controls and risk analysis focus on protecting customer data and content. Nintex has implemented Data Security and Software Development guidelines to standardize our product development and data handling processes and procedures. These guidelines include protections for OWASP Top 10 security flaws, recommendations for avoiding cloud security threats, and secure software development lifecycle processes. We review and, if necessary, update these guidelines regularly to reflect the current threat landscape and known vulnerabilities.
Customers retain ownership of – and responsibility for – the data and other content they input in the design and publication of Nintex workflows and Nintex forms. Our End User License Agreement and Subscription Agreement provide additional information regarding these obligations.
Nintex Workflow platform users can only access data within their customer tenant or organization-hosted solution. The Nintex Workflow platform segregates customer tenant data and processes according to multi-tenant data architecture best practices, which in some software elements includes separate data stores per tenant.
Nintex solutions use the TLS protocol for data and communications security whenever possible.
Nintex appreciates responsible reporting of potential security vulnerabilities. If you’ve identified a potential security vulnerability in the Nintex Workflow platform, please report this potential vulnerability as soon as possible to Nintex Security. We will work with you to verify and mitigate the vulnerability.
In such instances, we request that you comply with the following guidelines.
Please email Nintex Security to obtain a PGP key for encryption of any report you wish to send.