N
NowzerSocial · Insurance

Nowzer.com

Security Overview

Last updated: 2025

1. Our Approach

Nowzer is built for insurance agencies and other regulated businesses, where trust and data protection are critical. This page provides a practical overview of how we approach security and reliability for the Service.

We focus on sensible, modern security practices aligned with a growing SaaS product. We do not claim certifications we do not yet hold, and we regularly adjust our approach as the product, infrastructure, and customer needs evolve.

2. Infrastructure & Hosting

Nowzer runs on reputable cloud providers, primarily located in the United States. We use managed services for compute, databases, and storage, and rely on content delivery networks (CDNs) to deliver static assets efficiently.

Production and non-production environments are kept separate. Access to production systems is limited to authorized personnel who need it to operate and support the Service, and access is granted based on least-privilege principles.

3. Encryption

We use HTTPS/TLS to encrypt data in transit between your browser and our servers, and between services where supported by our providers.

Our primary databases and storage layers use encryption at rest where available from the underlying cloud platform. Secrets and API keys (including social platform tokens) are stored using environment variables and provider-specific secret storage mechanisms, not in source code.

4. Access Controls & Operations

Within Nowzer, access to customer data is restricted based on role and job responsibilities. Routine work is structured so that most maintenance and support activities can be performed without viewing raw customer content.

We use role-based permissions when granting access to infrastructure, monitoring systems, and administrative tools. Access is reviewed periodically, and provider-level logging is used where available to track administrative actions.

5. Application Security Practices

Nowzer is built using modern frameworks and a plugin-based architecture. Our development practices emphasize secure defaults and include:

  • Using parameterized queries through an ORM instead of building raw SQL with user input.
  • Applying server-side input validation and schema-based checks for API requests.
  • Separating configuration and secrets from code using environment variables and provider secret managers.
  • Monitoring dependency updates and addressing high-impact security advisories as they arise.

We do not currently hold formal security certifications such as SOC 2 or ISO 27001. As customer demand grows, we may pursue third-party audits and will update this page when that occurs.

6. Data Retention & Deletion

We retain customer data for as long as reasonably necessary to provide the Service, support your account, and satisfy legal, accounting, and audit obligations. When subscriptions end or accounts are closed, we apply a combination of soft-deletion, archiving, and eventual cleanup.

Routine backups and operational logs are kept for limited periods before being rotated or overwritten. Certain business records, such as invoices and specific audit logs, may be retained longer where required by law or industry practice.

For more detail on how account-level deletion works, please see our Data Deletion page and our Privacy Policy.

7. Incident Response

We use logging and monitoring to detect unusual behavior and errors. If we become aware of a security incident that affects your data, we will investigate, work to contain the issue, and assess impact.

Where required by law, we will notify affected customers and share relevant information about what happened, what data may have been involved, and what steps we are taking in response.

If you believe you have discovered a security issue, please email us at support@nowzer.com with a description of the issue so we can investigate.

8. Your Responsibilities

Security is a shared responsibility. We encourage you to:

  • Use strong, unique passwords for your Nowzer account and associated email accounts.
  • Limit access to your account to team members who need it and review team membership regularly.
  • Remove access promptly for users who leave your organization or no longer require access.
  • Review content and approvals carefully before publishing, especially for regulated or sensitive topics.
  • Configure appropriate security and approval settings within the social platforms you connect to Nowzer.

9. Compliance & Legal Disclaimer

Nowzer includes compliance-aware features designed to help insurance agencies and other regulated businesses draft and review content more effectively. However, these tools do not replace legal or compliance advice and cannot guarantee that any particular piece of content is fully compliant.

You remain responsible for understanding the rules that apply to your business, reviewing all content before publishing, and obtaining any required approvals from carriers, broker-dealers, compliance officers, or regulators.

10. Questions & Contact

If you have questions about this Security Overview or our security practices, you can contact us at:

  • Email: support@nowzer.com
  • Mailing address:
  • Nowzer.com
    215 W Bandera Road, Suite 114242
    Boerne, Texas 78006
    United States