DocsSecurity
Security
How Nonilion protects your account, your conversations, and your data, from sign-in to the infrastructure your rooms run on.
Account security
Every Nonilion account is protected by industry-standard authentication. You never share a password with us directly; sign-in is handled by Clerk, a dedicated authentication provider.
- Email and social sign-in: Sign up with email and password, or use Google or GitHub. Social sign-in means one less password to manage.
- Enterprise SSO: Single Sign-On with major identity providers is available on Enterprise plans, so access follows your company directory.
- Session management: Sessions are short-lived and revocable. Signing out on one device does not leave stale sessions behind on others.
Data protection
Your data is encrypted on the way to us and while it sits on our servers.
- Encryption in transit: All traffic between your browser and Nonilion uses TLS. Voice and video streams are encrypted end to end in transport.
- Encryption at rest: Stored data, including room configurations, chat history, and uploaded files, is encrypted at rest.
- Data minimalism: We collect what the product needs to work and nothing more. See the privacy policy for the full picture of what is stored and why.
Note: The details of what we collect and how long we keep it live in the Privacy Policy.
Meeting privacy
Rooms are private by default. Hosts decide who gets in and what participants can do once inside.
- Access controls: Rooms are invite-only. A waiting room lets hosts review and admit or reject participants before they enter.
- Guest passes: Temporary guest passes grant time-limited access (1 to 168 hours) with a capped number of uses, so visitors never need standing accounts.
- Host controls: Hosts can remove participants, clear the waiting queue, and summon everyone back to the main area at any time.
- Spatial audio boundaries: Conversations are scoped by distance. People outside your bubble physically cannot hear you.
Infrastructure
Nonilion runs on modern cloud infrastructure designed for reliability as well as security.
- Multi-region deployment: Rooms are served from the region closest to your team, with automatic failover if a region degrades.
- Isolated environments: Production is isolated from development and staging. Access to production systems is restricted and audited.
- Continuous updates: Security patches ship as part of our continuous deployment pipeline, without waiting for release windows.
Responsible disclosure
Found a vulnerability? We want to hear about it before anyone else does.
- 1Email hello@nonilion.com with a description of the issue and steps to reproduce it.
- 2Give us a reasonable window to investigate and fix the issue before public disclosure.
- 3Avoid accessing other users' data while demonstrating the issue.
Thank you: We credit researchers who report valid issues responsibly. Reach out at hello@nonilion.com.
