Everything your security and procurement teams need to vet Nova AI Ops, our compliance posture, sub-processors, system status, and how to request the artifacts (DPA, MSA, security questionnaire, SOC 2 progress letter, pen test summary) on file.
Audit underway. Controls in place; observation window in progress. Bridge letter and progress summary available on request.
Data Processing Agreement, Standard Contractual Clauses for international transfers, documented sub-processors, and a DSAR process.
California consumer privacy rights honored, access, deletion, correction, opt-out of sale (we don't sell), and limit-use of sensitive information.
Pre-signed DPA available, includes SCCs and the sub-processor list. Use the form below or email privacy@novaaiops.com.
Architecture supports HIPAA-aligned deployments with BAAs available for healthcare customers. PHI never leaves your tenant boundary; details on request.
Planned to follow the SOC 2 Type II report. Many ISO 27001 controls overlap; we'll start the gap analysis after the SOC 2 observation window closes.
Available on request: SOC 2 Type II progress letter, DPA, MSA, security questionnaire (CAIQ / SIG-Lite), pen test summary, and the full sub-processor list. We respond within one business day.
Thank you. Our security team will review your request and respond within one business day. For urgent procurement timelines, email security@novaaiops.com with the deadline.
A short list of trusted third parties we use to deliver Nova AI Ops. The complete and current list ships with the DPA.
| Sub-processor | Purpose | Region |
|---|---|---|
| Amazon Web Services (AWS) | Primary cloud infrastructure, storage, compute | US, EU |
| Cloudflare | CDN, DDoS protection, WAF, DNS | Global |
| Anthropic | AI model inference for agent and copilot features | US |
| Stripe | Payment processing | US |
| Postmark / SendGrid | Transactional email delivery | US |