How we protect your data.
Last updated: April 15, 2026
We keep this page short and honest. If something here is unclear or you need more detail for a procurement review, email security@asknimble.com and a real engineer will reply.
1. How we protect data
Every byte that moves between your browser and our servers is encrypted in transit with modern TLS. Data at rest in our PostgreSQL database is encrypted at the disk level, and sensitive fields (like stored credentials) are encrypted a second time inside the database with keys that rotate on a schedule.
When you'd rather not hand over login credentials at all, we offer credential-free delivery: instead of touching your account, the specialist writes up a step-by-step guide that you run yourself. Most of our services support this option — look for the "credential-free" note on the service page.
2. NDA enforcement across the specialist network
Every specialist signs a mutual NDA before they see a single project. That isn't marketing language — it's a contractual requirement of joining the network, and we treat violations as grounds for immediate removal.
Specialists only see the data needed for the specific order assigned to them. We never cross-share data between specialists, and specialists never see information about other buyers in the system.
3. Infrastructure and hosting
AskNimble runs on Hetzner, a European hosting provider known for strong data protection and transparent policies. Our database is PostgreSQL, operated by our own team, with daily encrypted backups stored in a separate region.
We deliberately avoid stacking too many third-party platforms — fewer vendors means fewer places your data can leak from. Where we do use third parties (payments, transactional email), we pick providers with strong track records and review their practices annually.
4. Vulnerability disclosure
If you find a security issue in AskNimble, please tell us. Email security@asknimble.com with a description of the issue and, if possible, steps to reproduce it. We'll acknowledge within 48 hours and keep you updated as we work on the fix.
We appreciate responsible disclosure and will publicly credit researchers who follow it, unless you'd rather stay anonymous. Please don't test against production data that isn't yours.
5. Incident response
If something goes wrong — a breach, a data exposure, a prolonged outage — we follow a documented incident response process. That means we contain the issue, investigate root cause, notify anyone affected within the legally required window, and publish a public post-mortem after the dust settles.
We hope to never write one of those post-mortems. If we have to, it will be honest.
6. Compliance
SOC 2 Type II is in progress. We're working with an auditor and expect to have a report available later in 2026 — until then, we won't claim certifications we don't hold. If you need specific compliance documentation for procurement, write to us and we'll tell you what we can share today.
We honor GDPR and CCPA data rights for every user, regardless of where they're located. See our privacy policy for how to exercise those rights.
7. Contact
For security issues, reach security@asknimble.com. For privacy questions, write to privacy@asknimble.com. For anything else, our help center is the fastest route.