Security at NerveRift

Security Policy

Last updated: March 4, 2023

At NerveRift, we take the security of our products and services very seriously. We have implemented a variety of security measures to protect your personal information and biometric data from unauthorized access, disclosure, or use. Our servers are located in the UK and are ISO compliant.

Access Controls

We limit access to your data to only those employees and contractors who have a legitimate business need to access it. We use role-based access controls to ensure that employees and contractors can only access the data that is necessary for their job functions.


We use encryption to protect your personal information and biometric data from unauthorized access. All data in transit is encrypted using HTTPS/TLS, and all data at rest is encrypted using AES-256.

Data Retention

We retain your data only for as long as necessary to provide our products and services and comply with legal requirements. When data is no longer necessary, it is securely deleted or destroyed.

Vulnerability Management

We regularly monitor our systems for vulnerabilities and take prompt action to address any identified vulnerabilities. We also perform regular penetration testing to identify and address potential security risks.

Incident Response

We have a documented incident response plan in place to ensure that we can quickly and effectively respond to any security incidents that may occur. We promptly investigate any suspected security incidents and take appropriate actions to mitigate any potential harm.

Third-Party Security

We require all third-party service providers who have access to your personal information and biometric data to adhere to our security policies and practices. We perform due diligence on all third-party service providers to ensure that they meet our security requirements.


We are committed to complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR). We regularly review and update our policies and procedures to ensure that we are compliant with all applicable laws and regulations.

Employee Training

We provide regular training to our employees and contractors on our security policies and procedures to ensure that they are aware of and comply with our security requirements.

Physical Security

Our servers are located in a secure facility that is protected by multiple layers of physical security, including biometric access controls, 24/7 security monitoring, and video surveillance.

Changes to This Security Policy

We may update this security policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes to this policy by posting the updated policy on our website or by email.

Effective Date

This security policy is effective as of the date listed below and replaces any previous security policy.

Effective Date: March 4, 2023.