Your fleet data is mission-critical. We protect it with AES-256 encryption, dual-cloud redundancy, and compliance frameworks built for global operations. Security is not a feature we bolt on. It is foundational to everything we build.
From the device in the field to the dashboard on your screen, every byte of fleet data is encrypted, isolated, and redundantly stored across multiple geographic regions.
All stored data is encrypted using AES-256. Database volumes, backups, and object storage are encrypted at the infrastructure level with keys managed through AWS KMS and Azure Key Vault. Customer data is never stored in plaintext.
All API traffic and web sessions use TLS 1.2 or higher. Device-to-cloud communication is encrypted over DTLS and MQTT-TLS. We enforce HSTS headers and certificate pinning on mobile applications to prevent interception.
NovaAssure runs on both AWS and Microsoft Azure with active-active redundancy across US regions. If one cloud provider experiences an outage, your fleet data and tracking services remain available with automatic failover.
Nova Mobile Systems is committed to building a security program aligned with industry best practices. We implement controls across security, availability, confidentiality, and privacy as part of our commitment to protecting customer data.
As we mature our security program, we are working toward independent third-party validation so that your procurement and infosec teams can verify our security posture with formal documentation.
Nova Mobile Systems is committed to protecting the personal data of individuals in the European Union and European Economic Area. We process fleet and telemetry data in accordance with the General Data Protection Regulation (GDPR), including lawful basis requirements, data minimization, and purpose limitation.
For customers operating in the EU, we are committed to meeting GDPR requirements including sub-processor disclosures, data retention schedules, and cross-border transfer mechanisms. We will work with your legal team to establish appropriate data processing terms.
For GDPR-related inquiries, data subject requests, or to discuss data processing terms, contact us:
Email: info@novamobilesystems.com
Mail: Nova Mobile Systems, Carlsbad, CA 92011, USA
Under GDPR, individuals have the following rights regarding their personal data. Nova supports all of these for data we process on behalf of our customers:
Request a copy of the personal data we hold about you and information about how it is processed.
Request correction of inaccurate or incomplete personal data.
Request deletion of personal data when it is no longer necessary for the purpose it was collected.
Request limitation of processing while accuracy or legal basis is being verified.
Receive your personal data in a structured, machine-readable format for transfer to another controller.
Object to processing based on legitimate interests, including profiling and direct marketing.
Nova Mobile Systems respects the privacy rights of California consumers under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). As a Carlsbad-based company, we take California privacy law seriously.
Request disclosure of the categories and specific pieces of personal information we collect, the sources, the business purpose, and third parties we share it with.
Request deletion of personal information we have collected, subject to legal exceptions such as compliance obligations and fraud prevention.
Nova does not sell personal information. If our practices change, we will provide a clear "Do Not Sell or Share My Personal Information" mechanism.
We will never discriminate against you for exercising your CCPA/CPRA rights. You will receive equal service and pricing regardless of your privacy choices.
To submit a verifiable consumer request, contact us through our website or email info@novamobilesystems.com. We will respond within 45 days as required by law.
Email remains a primary attack vector for phishing and business email compromise. We implement industry-standard email authentication to protect our customers and partners from spoofed messages.
We are committed to authenticating outbound email from novamobilesystems.com using SPF, DKIM, and DMARC. Our goal is a DMARC policy of reject, meaning any email that fails authentication is dropped by the receiving mail server before it reaches your inbox.
SPF: Authorizes specific mail servers to send email on behalf of our domain. Unauthorized servers are flagged and rejected.
DKIM: Cryptographically signs outgoing messages so receivers can verify the email was not tampered with in transit.
DMARC: Target policy: p=reject. Failed messages are discarded. Aggregate reports are monitored for abuse detection.
Fleet devices operate in harsh, unpredictable environments. Our network architecture is designed for resilience, security, and continuity across every carrier and every continent.
Nova devices operate across AT&T, T-Mobile, and Verizon through our partnership with KORE Wireless. If one carrier network degrades, devices automatically switch to the next strongest signal. No gaps. No manual intervention.
Each device is provisioned with a unique device certificate at the factory. Devices authenticate to the cloud using mutual TLS, ensuring only authorized hardware can connect to the NovaAssure platform. Stolen or decommissioned devices can be revoked instantly.
Enterprise customers can request a private Access Point Name (APN) for cellular traffic, keeping device data off the public internet entirely. Combined with IPsec VPN tunnels to your corporate network, fleet data never touches an uncontrolled hop.
Firmware updates are delivered over-the-air with code-signing verification. Every update package is signed with Nova's private key, and devices validate the signature before applying. Tampered or unsigned packages are rejected automatically.
These frameworks guide how we design, build, and operate every part of the Nova platform. We are building our compliance program to meet these standards as we grow.
Working toward independent audit of security, availability, and confidentiality controls.
International standard for information security management systems. Under consideration as our security program matures.
EU General Data Protection Regulation. Committed to meeting GDPR requirements for EU customers.
California Consumer Privacy Act and California Privacy Rights Act. Nova does not sell personal information.
We welcome responsible security researchers who help us identify vulnerabilities in our products and infrastructure. If you believe you have found a security issue, we want to hear from you.
We commit to acknowledging your report within 2 business days, providing an initial assessment within 5 business days, and keeping you updated on remediation progress. We will not pursue legal action against researchers who act in good faith and follow our disclosure guidelines.
NovaAssure web platform, REST API endpoints, mobile applications, and device firmware are in scope. Third-party services (AWS, Azure, carrier networks) are out of scope.
Authentication bypasses, data exposure, injection vulnerabilities, privilege escalation, insecure direct object references, and cryptographic weaknesses.
Do not access customer data, perform denial-of-service testing, use social engineering against employees, or publicly disclose before remediation.
Valid reports will be credited in our security acknowledgements (with your permission). We are evaluating a formal bug bounty program for 2027.
Email info@novamobilesystems.com with a detailed description, steps to reproduce, and any proof-of-concept materials.
Whether you have questions about our security architecture, data handling practices, or privacy commitments, our team is here to help.
Architecture questions, compliance documentation, vendor security questionnaires.
GDPR inquiries, data subject requests, cross-border transfer questions.
info@novamobilesystems.com
CCPA/CPRA consumer requests, privacy policy questions, data access and deletion.
Common questions about how Nova handles and protects your fleet data.
We are happy to discuss our security practices, share architecture details, and work with your team on security questionnaires and data protection requirements.