Security Assessment in Progress

    Nuvo is currently undergoing a CASA Tier 2 security assessment — the platform is live solely for the security team to review and test it. Please do not use it. We want to make sure everything is fully secured before you rely on it.

    Questions? contact@nuvo-hub.com

    Security & Compliance

    Security is not a checklist at Nuvo — it is a core design principle. Every layer of our stack is built to protect your data and your trust.

    Last updated: April 14, 2026

    TL;DR — The Short Version

    • We never store the content of your emails, messages, or calendar events.
    • All credentials are protected with OAuth 2.0 — we never see your passwords.
    • Data in transit is protected with TLS 1.3; tokens at rest are encrypted with AES-256.
    • We are independently assessed under the CASA Tier 2 framework.
    • You can revoke access and delete your account at any time, and all associated data is removed immediately.

    Security Pillars

    End-to-End Encryption

    All data in transit is encrypted with TLS 1.3. Stored credentials (OAuth tokens) are encrypted at rest using AES-256. Your passwords are never seen or stored — we use OAuth exclusively.

    Zero-Storage Architecture

    We process your emails, messages, and calendar events in real time and discard them immediately after execution. Nothing sensitive is ever written to disk or retained in any log.

    Privacy by Design

    Security and privacy are not features bolted on after the fact — they are the foundation every system component is built on. Minimal data collection is enforced at the architecture level.

    CASA Tier 2 Compliance

    Nuvo undergoes independent CASA (Cloud Application Security Assessment) Tier 2 evaluation, verifying our security controls against the OWASP ASVS framework for cloud-connected applications.

    Enterprise-Grade Infrastructure

    Hosted on industry-leading cloud providers with proven security and reliability track records — with redundant availability zones, automatic failover, DDoS mitigation, and continuous intrusion detection running 24/7.

    Strict Access Controls

    Internal access to production systems follows the principle of least privilege with mandatory MFA, role-based permissions, and full audit logging of every access event.

    How Your Data Is Handled

    Every request you make follows this strict lifecycle — nothing is retained beyond what is needed to complete the task.

    01. Request Received

    Your instruction arrives over an encrypted channel. No plaintext data is ever transmitted.

    02. Real-Time Processing

    Nuvo reads the minimum required data from your connected accounts solely to execute the task you requested.

    03. Immediate Disposal

    Once the action is complete, all fetched content — emails, events, messages — is purged from memory. Nothing is persisted.

    04. Metadata Only

    Only anonymous operational telemetry (e.g., execution time, error codes) is retained to keep the service reliable.

    CASA Tier 2 Compliance

    Cloud Application Security Assessment — Independent third-party verified

    CASA (Cloud Application Security Assessment) is a standardised security framework backed by the App Defense Alliance. Tier 2 requires an independent, accredited lab to assess our application against the OWASP Application Security Verification Standard (ASVS) — covering authentication, session management, access control, cryptography, and data protection.

    This assessment validates that Nuvo's security controls meet the requirements for cloud-connected apps that access sensitive user data, including Google and Microsoft account scopes.

    Standards & Frameworks

    • CASA Tier 2: Cloud Application Security Assessment
    • OAuth 2.0: Industry-standard authorisation protocol
    • TLS 1.3: Latest transport encryption standard
    • OWASP ASVS: Application Security Verification Standard

    Security Incident Response

    We take every security report seriously.

    Our team monitors systems around the clock. In the event of a confirmed incident, we notify affected users promptly and take immediate remediation action.

    Found a vulnerability? Please disclose it responsibly by contacting us at contact@nuvo-hub.com. We review all reports promptly and will work with you on coordinated disclosure.