Security

This page describes the security measures and operational practices we use to protect the Novella platform. It is an overview intended for customers, prospects, and security reviewers.

Last updated: 12 December 2025
Contact: security@novellahq.com

Security is a core part of how Novella is built and operated. This page provides an overview of our approach. For privacy details, see our Privacy Policy.

1. Overview

Novella applies practical, risk-based security controls aligned with the type of data processed in the platform. We aim to protect the confidentiality, integrity, and availability of customer and respondent data.

2. Encryption

  • In transit: We use HTTPS (TLS) to protect data transmitted between your browser and Novella.
  • At rest: We use encryption and/or encrypted storage mechanisms where supported by our infrastructure.

3. Access controls

We restrict access to systems and data based on the principle of least privilege.

  • Role-based access within the application
  • Administrative access restricted to authorized personnel
  • Authentication controls and secure credential handling

4. Data handling

  • Data minimization: customers control what they collect in surveys and widgets
  • Retention aligned with subscription plans and configuration
  • Secure deletion and lifecycle management where applicable
  • Subprocessors are used only where needed and are bound by appropriate agreements

5. Vulnerability management

We work to reduce vulnerabilities through:

  • Regular dependency updates and patching
  • Code review and controlled deployments
  • Monitoring for abnormal activity

Reporting security issues: If you believe you have found a security vulnerability, please email security@novellahq.com. Please do not publicly disclose details until we have had a chance to investigate and respond.

6. Reliability & monitoring

We aim for predictable performance and availability through:

  • Monitoring and alerting for critical services
  • Logging of key application events
  • Backups and recovery processes appropriate to the environment

7. Incident response

If we detect a security incident affecting customer data, we work to contain and remediate it. Where legally required, we will notify affected customers and support them in meeting their regulatory obligations.

8. Contact

Security questions?

📧 security@novellahq.com