Your security is our priority

Ensuring your security is just as important to us as delivering a consistent, thoughtful user experience. We have various measures and policies in place to protect the data of all our users.

We strongly believe in being transparent regarding security and have outlined our practices below for your knowledge.

We store our data securely

We use Amazon Web Services (AWS) for our data center due to its reliability and security. Their security standards are unrivaled. Their services are designed for high-volume data center operations and have compliance with both ISO 27001 certification and Level 1 service provider under the PCI Data Security Standard, which protects your billing information.

AWS has multiple data centers dispersed in remote areas around the world. If a data center is down due to failure, a recovery data center can seamlessly continue service.

You can find more information on data center security at

We meet the highest compliance standards

Nulab continuously seeks to protect your data with the highest standards in the industry, which is why we've worked to achieve compliance with ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018.

You can view and download the Nulab ISO 27001 certificate here, the Nulab ISO 27017 certificate here, and the Nulab ISO 27018 certificate here.

We treat your data with care

We have strict policies about who can access our servers. Only operational team members can access Nulab servers from our environment firewall on AWS. Those team members can only access the servers during authorized routine checks and approved investigations into user feedback, such as bugs. Nulab users have ZERO access to our servers directly.

We backup your data for peace of mind

Nulab has two countermeasures in case of server failure, human error, etc.

First, our database server continuously forwards and copies data to another server in real-time. Consequently, if the database server fails for any reason, we can resume software usage with the cloned data.

Second, we perform regular backups. Once a day, we complete a full backup of Backlog, Typetalk data, and Cacoo data. We can roll back to those backups if we lose messages due to an operational mistake.

We prohibit unauthorized access

We have robust systems in place to protect against application vulnerability and prevent malicious third parties from accessing your data.

We encrypt all HTTP connections

All connections to Nulab software on the web and mobile devices are encrypted by SSL and sent using HTTPS. We use encrypted connection via TLS 1.2 for HTTPS. All passwords are encrypted.

We have an excellent track record

Each day we ensure that our software meets and exceeds the expectations of collaborative tools for business. We perform server monitoring, troubleshooting, and planned updates. We are always taking action to improve our applications and your experience.

We are always monitoring and troubleshooting

We monitor server reports 24/7. Our monitoring system notifies our operational team of system abnormalities, and that team follows up immediately.

We handle security issues swiftly

We have a set of procedures in place in the event of a vulnerability. We notify all users immediately following any security concerns—you’ll always know what we know.

Please send reports directly using our contact form if you notice a security vulnerability.