We are built to serve regulated industries. Our architecture ensures that your data remains strictly yours, protected by end-to-end encryption in transit and at rest.

We operate with SOC 2 Type II and ISO 27001 controls (certification pending Q1 2026), ensuring our security practices meet the highest international standards.

Novis provides robust security through Role-Based Access Control (RBAC).

Role-based permissions and enterprise identity integrations keep workspaces secure while enabling accountability. This ensures that only verified users with the correct authorization can access your organization's workspace and data.

In Transit: All data transmitted between your device and Novis is encrypted using TLS 1.2+ or higher to protect against interception.

At Rest: All documents, notes, and chat logs stored in our systems are encrypted using AES-256 standards, ensuring your files remain unreadable to unauthorized parties.

We do not use your data to train public AI models.

One of our core principles is that your data belongs to you. Your inputs, uploaded documents, and generated outputs are used solely to provide services to you. Novis does not harvest your intellectual property to improve general foundation models shared with other customers or the public.

Novis is built to support organizations with compliance requirements across global standards, including GDPR (General Data Protection Regulation).

If your organization requires vendor risk assessment documentation, please contact [email protected]

While we secure the platform, here are steps you can take to maintain maximum security:

For detailed information, please review our Terms of Service and Privacy Policy or contact [email protected] .