Trust and security

This page summarises practices reflected in the product today. It does not replace contractual security questionnaires, a Data Processing Agreement, or your organisation’s own risk assessment.

Authentication and access

Workspace access uses authenticated sessions. Organisations can configure SAML SSO for their users where that capability is enabled. Role separation (admin, member, viewer) is enforced on sensitive actions in the application.

Financial and ERP data

General ledger lines and reconciliation artefacts are stored per organisation in the application database. ERP OAuth tokens are encrypted at rest before persistence. Use least-privilege ERP app registrations on your side and rotate credentials according to your policy.

Email and payments

Transactional email (for example magic links) is sent through our email provider. Card payments and subscriptions are processed by our payment provider; Ninon does not store full card numbers. Invoice-only enterprise entitlements may be recorded separately when agreed in contract.

What this page is not

We do not publish marketing-only compliance badges. For SOC 2, ISO, or regional certifications, rely on materials provided under NDA during procurement. For subprocessors and data residency, request the current list from your sales or security contact.