Nifty Accreditor Security Details

We value your data and are dedicated to ensuring its safety and protection. This document details how we handle your data securely during its transmission and storage.

If you are interested in the data we collect and store, please see our Privacy Policy.

General Practices and Organisational Security

Here are some of the best practices we’ve adopted:

Authentication

When users sign up for Nifty Accreditor, we create a user record in our database that includes:

When a user signs in, we generate an encrypted session token stored in browser cookies.

Encryption

All application pages are encrypted with TLS 1.3 via certificates managed by Let’s Encrypt, our certificate provider.

Infrastructure and Hosting

Amongst other reasons, these providers were selected for their security track record and commitment to industry-standard best practices.

Akamai Linode’s data centre operations have been accredited under:

Amazon’s data centre operations have been accredited under:

Rsync.net’s data centre operations have been accredited under:

Learn more about their security practices:

Architecture Diagram

Nifty Accreditor Architecture Diagram

Vulnerability Detection

The application is regularly scanned for dependencies with known security vulnerabilities.

Vulnerable dependencies are patched and redeployed rapidly.

Error Monitoring

Application errors are tracked using Bugsnag and retained for 7 days. All data sent to Bugsnag is encrypted in transit.

Software Development Practices

We value shipping software at high velocity, but not so fast that we sacrifice quality or, most importantly, data security.

FAQs

Are you SOC 2 or ISO 27001 certified?

While we’d eventually love to achieve these certifications, we don’t hold them at this time. Our infrastructure and hosting providers do hold these certifications, though. See the “Infrastructure and Hosting” section for details.

How do I report a potential vulnerability or security concern?

Please email us at contact@niftyaccreditor.com. We do not provide compensation for independent reports at this time.