Nini’s security posture is designed for finance teams: least-privilege, evidence-linked, and auditable. This page provides a plain-English overview.
Detailed materials (security questionnaires, policies, and relevant assurance artifacts) are available to qualified Customers and design partners under appropriate confidentiality terms.
Security contact: security@nini.com
• Least privilege by default (access is scoped to role and need)
• Defense in depth across identity, application, data, and operational layers
• Auditability of security- and control-relevant actions
• Separation of duties for sensitive activities
• Secure change management for production systems
• Role-based access controls for Customer users
• Administrative access protections (including multi-factor authentication for privileged access)
• Logical segregation of Customer environments and data access boundaries
• Access lifecycle controls (provisioning, review, and removal)
• Encryption in transit using modern TLS
• Encryption at rest for stored data and backups
• Secrets management practices for sensitive credentials and keys
• Controlled access to production data, with logging and monitoring
• Secure development practices (review, testing, dependency hygiene)
• Vulnerability identification and remediation workflows appropriate to system criticality
• Environment separation (development, staging, production) with controlled deployment processes
• Monitoring for anomalous behavior and integrity-relevant events
• Centralized logging for operational and security events
• Alerting and investigation procedures for suspicious activity
• Incident response processes with escalation paths
• Post-incident corrective actions tracked to closure
• Backup strategies designed to preserve audit trails and restore service
• Recovery procedures tested regularly (current cadence available upon request under NDA)
• Business continuity planning aligned to Customer operational needs
• Contractual controls for vendors that may process Customer Data
• Subprocessor transparency for Customers (available upon request under confidentiality)
• Ongoing evaluation of material vendors based on risk and criticality
Nini follows a strict disclosure rule: we do not represent certifications, attestations, or approvals until they are complete and formally issued.
Program status and available evidence can be provided to qualified Customers under NDA.
Customers are responsible for:
• Administering user access and permissions
• Protecting credentials and enabling strong authentication
• Ensuring uploaded artifacts are authorized for processing
• Configuring integrations according to internal policies