Your fleet data is mission-critical. We protect it with AES-256 encryption, dual-cloud redundancy, and compliance frameworks built for global operations. Security is not a feature we bolt on. It is foundational to everything we build.
From the device in the field to the dashboard on your screen, every byte of fleet data is encrypted, isolated, and redundantly stored across multiple geographic regions.
All stored data is encrypted using AES-256. Database volumes, backups, and object storage are encrypted at the infrastructure level with keys managed through AWS KMS and Azure Key Vault. Customer data is never stored in plaintext.
All API traffic and web sessions use TLS 1.2 or higher. Device-to-cloud communication is encrypted over DTLS and MQTT-TLS. We enforce HSTS headers and certificate pinning on mobile applications to prevent interception.
NovaAssure runs on both AWS and Microsoft Azure with active-active redundancy across US regions. If one cloud provider experiences an outage, your fleet data and tracking services remain available with automatic failover.
Nova Mobile Systems is pursuing SOC 2 Type II certification across all five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Our controls are designed and audited by an independent third-party CPA firm. This means your procurement and infosec teams can verify our security posture with a formal attestation report, not just our word.
Nova Mobile Systems is committed to protecting the personal data of individuals in the European Union and European Economic Area. We process fleet and telemetry data in accordance with the General Data Protection Regulation (GDPR), including lawful basis requirements, data minimization, and purpose limitation.
For customers operating in the EU, we offer Data Processing Agreements (DPAs) that define our obligations as a data processor, including sub-processor disclosures, data retention schedules, and cross-border transfer mechanisms.
For GDPR-related inquiries, data subject requests, or to request a copy of our DPA, contact our Data Protection Officer:
Email: dpo@novamobilesystems.com
Mail: Nova Mobile Systems, Attn: Data Protection Officer, Carlsbad, CA 92011, USA
Under GDPR, individuals have the following rights regarding their personal data. Nova supports all of these for data we process on behalf of our customers:
Request a copy of the personal data we hold about you and information about how it is processed.
Request correction of inaccurate or incomplete personal data.
Request deletion of personal data when it is no longer necessary for the purpose it was collected.
Request limitation of processing while accuracy or legal basis is being verified.
Receive your personal data in a structured, machine-readable format for transfer to another controller.
Object to processing based on legitimate interests, including profiling and direct marketing.
Nova Mobile Systems respects the privacy rights of California consumers under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). As a Carlsbad-based company, we take California privacy law seriously.
Request disclosure of the categories and specific pieces of personal information we collect, the sources, the business purpose, and third parties we share it with.
Request deletion of personal information we have collected, subject to legal exceptions such as compliance obligations and fraud prevention.
Nova does not sell personal information. If our practices change, we will provide a clear "Do Not Sell or Share My Personal Information" mechanism.
We will never discriminate against you for exercising your CCPA/CPRA rights. You will receive equal service and pricing regardless of your privacy choices.
To submit a verifiable consumer request, contact us at privacy@novamobilesystems.com or call (800) 555-1234. We will respond within 45 days as required by law.
Email remains a primary attack vector for phishing and business email compromise. Nova enforces strict email authentication to protect our customers and partners from spoofed messages.
All outbound email from novamobilesystems.com is authenticated with SPF, DKIM, and DMARC. Our DMARC policy is set to reject, meaning any email that fails authentication is dropped by the receiving mail server before it reaches your inbox.
Authorizes specific mail servers to send email on behalf of our domain. Unauthorized servers are flagged and rejected.
Cryptographically signs outgoing messages so receivers can verify the email was not tampered with in transit.
Policy set to p=reject. Failed messages are discarded. Aggregate reports are monitored for abuse detection.
Fleet devices operate in harsh, unpredictable environments. Our network architecture is designed for resilience, security, and continuity across every carrier and every continent.
Nova devices operate across AT&T, T-Mobile, and Verizon through our partnership with KORE Wireless. If one carrier network degrades, devices automatically switch to the next strongest signal. No gaps. No manual intervention.
Each device is provisioned with a unique device certificate at the factory. Devices authenticate to the cloud using mutual TLS, ensuring only authorized hardware can connect to the NovaAssure platform. Stolen or decommissioned devices can be revoked instantly.
Enterprise customers can request a private Access Point Name (APN) for cellular traffic, keeping device data off the public internet entirely. Combined with IPsec VPN tunnels to your corporate network, fleet data never touches an uncontrolled hop.
Firmware updates are delivered over-the-air with code-signing verification. Every update package is signed with Nova's private key, and devices validate the signature before applying. Tampered or unsigned packages are rejected automatically.
Our compliance program is not a checkbox exercise. These frameworks shape how we design, build, and operate every part of the Nova platform.
Independent audit of security, availability, and confidentiality controls over a sustained observation period.
International standard for information security management systems. Planned for 2027 certification.
EU General Data Protection Regulation. DPA available on request. Data subject rights supported.
California Consumer Privacy Act and California Privacy Rights Act. No sale of personal information.
We welcome responsible security researchers who help us identify vulnerabilities in our products and infrastructure. If you believe you have found a security issue, we want to hear from you.
We commit to acknowledging your report within 2 business days, providing an initial assessment within 5 business days, and keeping you updated on remediation progress. We will not pursue legal action against researchers who act in good faith and follow our disclosure guidelines.
Report a VulnerabilityNovaAssure web platform, REST API endpoints, mobile applications, and device firmware are in scope. Third-party services (AWS, Azure, carrier networks) are out of scope.
Authentication bypasses, data exposure, injection vulnerabilities, privilege escalation, insecure direct object references, and cryptographic weaknesses.
Do not access customer data, perform denial-of-service testing, use social engineering against employees, or publicly disclose before remediation.
Valid reports will be credited in our security acknowledgements (with your permission). We are evaluating a formal bug bounty program for 2027.
Email security@novamobilesystems.com with a detailed description, steps to reproduce, and any proof-of-concept materials. Use our PGP key for sensitive reports.
Whether you need our SOC 2 report, a signed DPA, details about our security architecture, or have a question about how we handle data, our security team is here.
Architecture questions, compliance documentation, vendor security questionnaires.
security@novamobilesystems.comGDPR inquiries, data subject requests, DPA execution, cross-border transfer questions.
dpo@novamobilesystems.comCCPA/CPRA consumer requests, privacy policy questions, data access and deletion.
privacy@novamobilesystems.comCommon questions about how Nova handles and protects your fleet data.
We are happy to provide our SOC 2 report, completed security questionnaires, architecture diagrams, and Data Processing Agreements to qualified prospects and customers.