Trust Centre
Security. Privacy.
Accountability.
Enterprise software that manages patient records, student data, and sales intelligence carries profound responsibility. NM Cloud Technologies is built on a foundation of security-first architecture, transparent compliance, and contractual accountability.
Security Architecture
AES-256 Encryption at Rest
All stored data encrypted using AES-256. Encryption keys managed through AWS KMS and GCP Cloud KMS with automatic rotation.
TLS 1.3 in Transit
All data transmission encrypted using TLS 1.3. No unencrypted connections permitted across any product or API endpoint.
Role-Based Access Control
Granular RBAC configurable to each client's organisational structure. Principle of least privilege enforced across all products.
Complete Audit Trails
Tamper-proof logs of every data access, modification, and export. Audit logs retained for minimum 6 years and available for compliance review.
Multi-Factor Authentication
MFA required for all users accessing sensitive data. Supports TOTP authenticator apps and SMS-based verification.
Multi-Region Infrastructure
Deployed across AWS Mumbai (ap-south-1) and GCP Mumbai (asia-south1) with automatic failover and 99.9% uptime SLA.
Compliance Standards
HIPAA-Ready
Hospyron's architecture implements all HIPAA Technical Safeguards: AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, complete audit trails, and multi-factor authentication.
GDPR-Compliant
Revise is built to GDPR specifications: no advertising data collection, no third-party data sharing, student data stored with highest encryption standards, right to erasure implemented, and parental consent architecture.
ISO 27001-Aligned
NM Cloud Technologies' security management programme follows ISO 27001 principles: risk assessment methodology, security controls catalogue, supplier security requirements, and annual security review cycle.
DPDP Act 2023
All products are designed for compliance with India's Digital Personal Data Protection Act 2023: lawful basis for processing, purpose limitation, data minimisation, and data principal rights implementation.
SLA Commitments
Across all products, backed by service credit obligations
P1 security incidents and critical system outages
Confirmed data breach notification to affected customers
Privacy Policy — Core Principles
NM Cloud Technologies processes customer and end-user data exclusively for the purposes of delivering the contracted services. Data is not sold, licensed, or shared with third parties for advertising, research, or any commercial purpose outside the contracted services.
For Hospyron (healthcare): Patient health information is processed solely for hospital management purposes. No patient data is used for AI model training without explicit written consent from the institution. Patient data is never shared with third parties outside the hospital's contracted integrations (laboratory, pharmacy, insurance).
For Revise (education): Student data is processed solely for the school's homework management and communication purposes. No student data is used for advertising, profiling, or shared with any third party. Parents can request complete export or deletion of their child's data at any time.
For NM Cloud Flow (sales): Lead and contact data is processed solely for the sales automation purposes contracted. No lead data is shared with third parties or used outside the client's contracted workflows.
Security & Compliance FAQs
Where is NM Cloud Technologies customer data stored?
All customer data is stored on enterprise-grade cloud infrastructure provided by Amazon Web Services (AWS) and Google Cloud Platform (GCP). Data is stored in India-region data centres (AWS ap-south-1 / Mumbai; GCP asia-south1 / Mumbai) by default, ensuring Indian data residency compliance. Data can be configured for alternative regions for international deployments, subject to applicable regulatory requirements.
What encryption standards does NM Cloud Technologies use?
All data stored in NM Cloud Technologies systems is encrypted at rest using AES-256, the current gold standard for symmetric encryption. All data in transit is encrypted using TLS 1.3, the current gold standard for transport security. Encryption keys are managed through AWS KMS and GCP Cloud KMS with automatic rotation policies. No unencrypted patient or customer data is stored or transmitted in any context.
What is the SLA for system uptime?
NM Cloud Technologies provides a 99.9% uptime SLA across all products. This translates to less than 8.76 hours of downtime per year. The SLA is backed by contractual service credits: 10% credit for uptime between 99.0%-99.9%, 25% credit for uptime between 95.0%-99.0%, and 50% credit for uptime below 95.0%. Uptime is monitored continuously and status is published at status.nmcloudtech.com.
How does NM Cloud Technologies handle data breaches?
NM Cloud Technologies maintains a documented incident response plan with defined response timelines. In the event of a confirmed data breach: affected customers are notified within 72 hours of breach confirmation (aligned with GDPR requirements); the nature and scope of the breach, data types affected, and remediation steps are communicated clearly; regulatory notification to applicable authorities (Data Protection Board under India's DPDP Act, relevant international regulators as applicable) is initiated immediately. A dedicated security incident hotline is available 24/7 for enterprise customers.
Contact Our Security Team
To report a security vulnerability, request security documentation, or discuss compliance requirements for an enterprise deployment, contact our security team directly.