Novana|Trust Center

Learn about how Novana protects your data, ensures compliance, and builds trust.

Security

We build security into every layer of Novana — from the cloud infrastructure that stores your data to the development practices that shape our product. Schools trust us with sensitive information, and we take that seriously.

Encryption

  • All data in transit encrypted with TLS 1.2+
  • Data at rest encrypted with AES-256
  • File storage encrypted at rest via provider-managed encryption
  • Database encryption managed by cloud provider

Cloud Infrastructure

  • Hosted on Google Cloud Platform and Vercel
  • Customer Content stored and processed in Japan
  • Managed services — no self-hosted servers to patch
  • Credentials stored in platform-managed secret stores, never in code

Secure Development

  • All code changes pass automated checks and manual review before deployment
  • Automated testing before any deployment
  • Built against the OWASP Top 10 guidelines
  • Dependency scanning catches known vulnerabilities before they ship

Vulnerability Testing

  • Automated security scanning on every pull request
  • Third-party dependency scanning for known CVEs
  • Critical issues patched within defined SLAs
  • Responsible disclosure program for external researchers

People & Access

  • Multi-factor authentication required for all staff
  • Least-privilege access to production systems
  • Security awareness training for every team member
  • Permissions reviewed regularly and revoked on role changes

Incident Response

  • Documented response plan with clear escalation paths
  • Affected customers notified within 72 hours of a breach
  • Notification includes scope, affected data, and remediation steps
  • Post-mortem and remediation plan after every incident

Responsible Disclosure

Found a vulnerability? We want to hear about it. Email security@novana.io with a description and steps to reproduce. We ask for reasonable time to investigate before public disclosure. We appreciate researchers who help us keep schools' data safe.

Questions? Concerns? Ask us anything.

Whether it's a security question, a compliance requirement, or something that doesn't fit neatly into a category — we're here to help. No question is too small.

security@novana.io