Security Center


Your Security, Our Priority

Thousands of companies around the world benefit from Nintex’s Workflow platform and Document Generation applications. Nintex is committed to maintaining the security and reliability of all our products.

  • Your Privacy Comes First

  • Accessible & Secure

  • Responsible & Transparent


Privacy and Compliance

Nintex protects our customers' personal information. Our Privacy Policy sets a high standard for how Nintex manages the personal details and other information that may be collected by Nintex’s various websites. The Nintex, Nintex Community and Drawloop websites comply with the U.S.-E.U. Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from European Union member countries and Switzerland.


People and Access

Customers

Nintex customers that access the Nintex Workflow platform have user accounts that are controlled and managed based on the applicable product platform architecture. Nintex for Office 365 accounts are managed via access controls in customers’ Office 365 platforms. Nintex Document Generation accounts are managed via access controls in customers’ Salesforce platforms. Nintex SharePoint accounts are managed in customers’ on-premises SharePoint installations.

Nintex Personnel

Only Nintex production operations engineers can access customers’ environments. Our global Production Operations team maintains a user account for the purposes of maintenance and support. Team members will access customer environments only to monitor application health or perform system maintenance. Secure VPN and two-factor authentication are required for team members to access environments remotely.

Facilities and Hosting

Access to data center facilities and other physical security controls for our cloud-based offerings are tightly regulated according to standards outlined for Microsoft Azure or HOSTING. Nintex Workflow for Office 365, Nintex Forms for Office 365, Nintex Connectors and Nintex Mobile are hosted on Microsoft Azure. The Nintex Drawloop Document Generation application resides on the HOSTING cloud platform.

Our SharePoint offerings, including Nintex Workflow for SharePoint, Nintex Forms for SharePoint and Nintex Mobile, store information on individual devices or servers within the customer’s infrastructure. The customer manages all access controls for these assets.


Data and Content

Nintex maintains a high level of security for the Nintex Workflow platform. All of our security controls and risk analysis focus on protecting customer data and content. Nintex has implemented Data Security and Software Development guidelines to standardize our product development and data handling processes and procedures. These guidelines include protections for OWASP Top 10 security flaws, recommendations for avoiding cloud security threats, and secure software development lifecycle processes. We review and, if necessary, update these guidelines regularly to reflect the current threat landscape and known vulnerabilities.

Customers retain ownership of – and responsibility for – the data and other content they input in the design and publication of Nintex workflows and Nintex forms. Our End User License Agreement and Subscription Agreement provide additional information regarding these obligations.

Data Access

Nintex Workflow platform users can only access data within their customer tenant or organization-hosted solution. The Nintex Workflow platform segregates customer tenant data and processes according to multi-tenant data architecture best practices, which in some software elements includes separate data stores per tenant.

Data in Transit

Nintex solutions use the TLS protocol for data and communications security whenever possible.


Research Reporting

Nintex appreciates responsible reporting of potential security vulnerabilities. If you’ve identified a potential security vulnerability in the Nintex Workflow platform, please report this potential vulnerability as soon as possible to Nintex Security. We will work with you to verify and mitigate the vulnerability.

In such instances, we request that you comply with the following guidelines.

Reporting Guidelines

  • Make a good faith effort to avoid data destruction, misappropriation of content, privacy violations, and interruption or degradation of our services.
  • Notify Nintex promptly and provide all available information regarding the potential vulnerability.
  • Provide Nintex a reasonable period of time in which to review and, if necessary, mitigate the vulnerability prior to making any public disclosure regarding the vulnerability.

Please email Nintex Security to obtain a PGP key for encryption of any report you wish to send.