Security at noo
Identity is critical infrastructure. We treat it that way.
Security practices
Encryption at rest and in transit
All data is encrypted with AES-256 at rest and TLS 1.3 in transit. No exceptions.
Zero-trust architecture
Every request is authenticated and authorized. No implicit trust between services.
Regular penetration testing
Third-party security firms test our infrastructure and applications on a regular schedule.
Dependency scanning
Automated vulnerability scanning for every dependency on every build.
Immutable audit logs
Tamper-evident logging for every authentication event and administrative action.
Incident response
Documented incident response procedures with defined SLAs for notification and resolution.
Security-first development
Every code change goes through automated security analysis, peer review, and integration testing. We maintain a software bill of materials (SBOM) and run continuous vulnerability scanning against all dependencies.
Responsible disclosure
If you discover a security vulnerability, we want to hear about it. We operate a responsible disclosure program and will work with you to address any issues promptly. We do not pursue legal action against good-faith security researchers.
Contact: security@noo.eu
Questions about security?
Our team is happy to discuss our security practices in detail.