Trust Center

Security, Privacy, and Resilience at nestclo

nestclo powers mission-critical commerce, facilities, and field service operations. Our security program blends cloud-native controls, rigorous governance, and 24/7 monitoring so you can trust us with your data.

Cloud region

AWS UK & Ireland

Services operate across AWS facilities in the UK and Ireland, with additional regions available to meet customer data residency requirements.

99.9% uptime

Service level target

Multi-AZ architecture, automated failover, and continuous health checks.

24/7 monitoring

Security operations

Centralised alerting, incident response playbooks, and rapid escalation.

Infrastructure security

nestclo applications run inside Amazon Web Services (AWS) using hardened Amazon Linux hosts, isolated VPC networks, and least-privilege IAM roles. Core workloads span multiple availability zones in AWS's UK region with complementary resources in Ireland, and we support regional deployments in other AWS geographies when data residency mandates apply.

  • Web traffic enforced over TLS 1.2+ with automated certificate rotation and HSTS.
  • Security groups and network ACLs restrict ingress and egress to approved services.
  • AWS WAF mitigates common web exploits and volumetric attacks.

Data protection

Customer data is encrypted in transit and at rest using modern ciphers. Access is gated by role-based permissions, multi-factor authentication, and detailed audit trails.

  • AES-256 encryption for databases, object storage, and backups managed through AWS KMS.
  • Fine-grained user roles in the nestclo application ensure least-privilege access by job function.
  • Comprehensive logging and immutable audit trails to support investigations and compliance reporting.

Operational resilience

Continuous delivery pipelines promote tested releases, while observability tooling tracks synthetics, real-user metrics, and infrastructure telemetry.

  • Automated backups, point-in-time recovery, and quarterly disaster recovery exercises.
  • Infrastructure-as-code with peer review and segregation of duties for production changes.
  • SLO dashboards notify engineers before customer experience degrades.

Governance & compliance

Our security governance framework aligns to ISO 27001 and NCSC cloud guidance. Third-party auditors validate AWS facility controls, while we maintain internal policies and evidence for customer due diligence.

  • Documented security policies covering access, change, supplier, and risk management.
  • Annual penetration testing and continuous vulnerability scanning with remediation SLAs.
  • DPA and SCC-ready contractual terms to support GDPR-compliant processing.

Incident readiness & support

Security events are triaged by an on-call incident response team with predefined playbooks. Customers receive timely notifications and a clear remediation plan for notifiable incidents.

  • 24/7 paging integrated with SIEM and cloud-native alerts.
  • Post-incident reviews drive permanent corrective actions and updates to our control library.
  • Customer security notifications issued within contractual timeframes, including impacted scope and next steps.

Shared responsibility

While nestclo secures the platform, we equip administrators with granular permissions, SSO support, and audit exports so they can enforce their own internal policies.

Need something formal?

Request copies of our security summary, DPA, or completed questionnaires by contacting info@nestclo.com.