Security is Our Highest Priority

Nowadays AI ensures your security by addressing a wide range of challenges related to access control, compliance, data privacy, data loss prevention, encryption, and information risk management.

Our Promise

At Nowadays AI, security and privacy are at the heart of everything we do. It is our belief that great software delivers value while maintaining the privacy and security of its users' data. Our commitment to these principles is unwavering, and it's evident in every facet of our operations.

We have designed Nowadays AI with a foundational emphasis on safeguarding user data and ensuring the highest levels of reliability. Our significant investments in security ensure that we not only meet but often exceed industry standards and applicable regulations so you can confidently engage with us.

By aligning with leading security standards and regulations, Nowadays AI ensures that your data is protected, allowing you to focus on planning exceptional events with confidence.

Security FAQ

How does Nowadays AI protect my event data?

Protecting your data is our top priority. Nowadays AI operates with industry-leading encryption standards during both storage and transmission. We use AES-256 encryption for data at rest and TLS 1.3 for data in transit. You own your data and can request its deletion at any time.

What AI models does Nowadays AI use?

Nowadays AI uses BAML (Boundary ML) for structured AI workflows, combined with OpenAI for specific features such as email parsing, venue analysis, and RFP generation. We carefully control how and when AI models access your data.

Is my proprietary data used to train AI models?

Your trust is paramount. We ensure that your data is not used to train or refine AI models. We maintain strict data privacy agreements with all AI service providers to protect your confidential information.

Which third parties do you share data with?

To provide adequate service, Nowadays AI limits data sharing to essential partners only:

  • Supabase: Database hosting and management (PostgreSQL)
  • OpenAI: AI-powered features for email parsing and venue analysis
  • Stripe: Secure payment processing
  • Google: Gmail API for email integration and Google Maps API for venue discovery
  • SendGrid: Email delivery service
  • PostHog: Product analytics and error tracking
  • Vercel: Application hosting and CDN

How does Nowadays AI ensure system security?

We follow industry best practices and are working towards SOC 2 compliance. Our systems implement comprehensive security controls including authentication, encryption, access management, and regular security audits.

Authentication and Access Control

Authentication

Nowadays AI uses Supabase Auth for secure user authentication. All authentication flows are protected with industry-standard security measures including:

  • Secure password hashing using bcrypt
  • Email verification for account activation
  • Bearer token validation for API requests
  • Session management with automatic expiration

API Security

All non-public API routes implement authentication and authorization:

  • Bearer token validation for every request
  • User identity verification before data access
  • Unauthorized access attempts are logged for security monitoring
  • 401 status codes returned for unauthorized requests

Access Management

Events have designated owners and can have multiple collaborators with specific permissions. We implement role-based access control to ensure users only access data they're authorized to view or modify.

Data Security

Data Collection

Nowadays AI's approach to data collection focuses on gathering essential information while maintaining user privacy and security. The types of data collected include:

  • Email addresses: Used for account creation, communication, and notifications
  • First and last names: Collected to personalize the user experience and for identification purposes
  • Event details: Information about your events, venues, and planning preferences
  • Email integration data: When connected, we access emails to extract venue quotes and manage communications
  • Payment information: Processed securely through Stripe (we never store card details)

Data Encryption

Nowadays AI ensures that all data, whether in transit or at rest, is securely encrypted:

  • In-Transit Encryption: All HTTP traffic is redirected to HTTPS, which uses TLS 1.3, the latest and most secure version of the TLS protocol
  • At-Rest Encryption: Data stored in our Supabase PostgreSQL database is encrypted using AES-256 encryption

Data Backups

To prevent data loss and ensure data availability, we implement comprehensive backup strategies through Supabase's automated backup system, providing point-in-time recovery capabilities.

Data Ownership

You own your data. You can export or delete your data at any time by contacting our support team at support@getnowadays.com.

Application Security

Web Security

Our application implements comprehensive web security measures:

  • Cross-Site Scripting (XSS) Protection: Input sanitization and output encoding
  • Cross-Site Request Forgery (CSRF) Protection: Token-based request validation
  • SQL Injection Protection: Parameterized queries and prepared statements
  • Clickjacking Protection: X-Frame-Options headers to prevent iframe embedding
  • Host Header Validation: Ensuring requests are directed to intended domains

Secure Development Lifecycle

Security is integrated into every stage of our development process:

  • Mandatory code reviews for all changes
  • Automated security scanning in the CI/CD pipeline
  • Dependency vulnerability scanning
  • Regular security audits and testing
  • Pre-commit hooks for code quality and security checks

Infrastructure Security

Cloud Infrastructure

Nowadays AI leverages enterprise-grade cloud infrastructure providers including Vercel for application hosting and Supabase for database management. These providers maintain industry-leading security certifications and compliance standards.

Network Security

Our infrastructure implements comprehensive network security measures:

  • Network isolation and segmentation
  • DDoS protection
  • Rate limiting to prevent abuse
  • Automated threat detection and prevention

Monitoring and Logging

We maintain comprehensive logs of system access and activities for security monitoring and incident response. Access logs are retained and regularly reviewed to identify potential security issues.

Third-Party Integrations

Payment Processing

We use Stripe for secure payment processing. Stripe is PCI-DSS Level 1 certified, the highest level of security certification in the payments industry. We never store or access your payment card details.

Email Integration

Our Gmail API integration uses OAuth 2.0 for secure authentication. We only request the minimum permissions necessary to provide email parsing and RFP sending features. You can revoke access at any time through your Google account settings.

Vendor Security

We carefully evaluate all third-party vendors for security practices and compliance. We maintain data processing agreements with all vendors who handle customer data.

Compliance and Certifications

We are committed to maintaining compliance with industry standards and regulations. We are currently working towards SOC 2 Type II certification and continuously improve our security posture to meet evolving compliance requirements.

Our security practices align with:

  • GDPR (General Data Protection Regulation) for data privacy
  • CCPA (California Consumer Privacy Act) for California residents
  • SOC 2 security and availability principles
  • Industry best practices for cloud security

Incident Response

We maintain an incident response plan to quickly address any security concerns. In the event of a security incident affecting your data, we will notify you promptly and provide transparent communication about the incident and our response.

If you discover a security vulnerability, please report it to us immediately at:

Contact Us

If you have any questions about our security practices, please contact us:

Last updated: September 30, 2025