Trust & Compliance
Privacy, Security & Compliance
Novastraxis is built on the principle that enterprise cloud infrastructure must earn trust through transparency, rigorous certification, and accountable data stewardship. This page outlines how we protect your data and who to contact with questions.
Who Should I Contact About Privacy or Compliance?
Reach the right team on the first try. All inquiries receive a confirmation within one business day. For urgent matters, call +1 (415) 555-0199 and select option 3 for privacy and security.
Privacy & Data Protection
privacy@novastraxis-help.comGeneral privacy inquiries, data protection policies, and privacy impact assessments.
Data Protection Officer
dpo@novastraxis-help.comData subject access requests (DSARs), processing objections, and DPO consultations.
EU Privacy (GDPR)
eu-privacy@novastraxis-help.comGDPR-specific inquiries, EU data residency, and cross-border transfer questions.
UK Privacy (UK GDPR)
uk-privacy@novastraxis-help.comUK GDPR and Data Protection Act 2018 inquiries, ICO correspondence, and UK data residency.
Security & Vulnerability Disclosure
security@novastraxis-help.comReport security vulnerabilities, request penetration test coordination, or report a security incident.
Compliance & Audit
compliance@novastraxis-help.comSOC 2 and ISO 27001 audit reports, compliance questionnaires, and certification documentation.
Legal
legal@novastraxis-help.comContracts, Service Level Agreements, Terms of Service amendments, and legal notices.
For general product support unrelated to privacy or compliance, contact support@novastraxis-help.com.
How Do I Submit a Data Subject Access Request?
Under the GDPR, UK GDPR, CCPA, and similar data protection regulations, individuals have the right to access, correct, delete, or port their personal data. Novastraxis processes every data subject access request (DSAR) within 30 calendar days, in compliance with Article 12(3) of the GDPR. Complex requests involving large datasets may require an extension of up to 60 days; in that case, we will notify you within the initial 30-day period.
Steps to Submit a DSAR
- 1Send an email to privacy@novastraxis-help.com or dpo@novastraxis-help.com with the subject line “Data Subject Access Request.”
- 2Include your full name, the email address associated with your account, and the specific right you are exercising (access, deletion, rectification, or portability).
- 3Our Data Protection Officer will verify your identity and acknowledge receipt within 3 business days.
- 4You will receive a full response within 30 days. Data exports are delivered in machine-readable JSON or CSV format.
EU residents may also contact eu-privacy@novastraxis-help.com and UK residents may contact uk-privacy@novastraxis-help.com for region-specific guidance.
What Security Certifications Does Novastraxis Hold?
“Security isn't a feature we bolt on — it's the foundation everything else is built on. Our team treats every customer's data with the same rigor we apply to our own infrastructure.”
Novastraxis maintains six active compliance certifications. Our security operations center processes 14B+ events daily across 48 global regions, with a mean detection time (as defined by the NIST Cybersecurity Framework) under 4 minutes and a mean response time under 12 minutes. Independent third-party auditors review our controls annually; however, no security program eliminates all risk, and we encourage customers to conduct their own assessments as part of shared responsibility.
SOC 2 Type II
Continuous audit since 2021. Covers all five Trust Services Criteria.
ISO 27001:2022
Certified by BSI Group. Scope includes all production infrastructure and personnel.
FedRAMP High
Authorized for high-impact federal workloads. Includes 421 NIST 800-53 controls.
GDPR
Full compliance with Regulation (EU) 2016/679. Standard Contractual Clauses available for international transfers.
CCPA / CPRA
Compliant with the California Consumer Privacy Act as amended by CPRA. Annual data mapping completed.
HIPAA
Business Associate Agreements available. Dedicated HIPAA-eligible environment with encryption at rest and in transit.
Request copies of audit reports, penetration test summaries, or compliance questionnaire responses by emailing compliance@novastraxis-help.com. Please allow 2 business days for document preparation and NDA review.
How Do I Report a Security Vulnerability?
Novastraxis operates a responsible disclosure program and welcomes reports from security researchers, customers, and the public. We are committed to working with the security community to keep our platform safe, though we recognize that no disclosure process is perfect and we continuously refine our response procedures based on feedback.
Disclosure Guidelines
- •Send vulnerability details to security@novastraxis-help.com. Encrypt sensitive reports with our PGP key, available at novastraxis-help.com/.well-known/security.txt.
- •Include a detailed description, reproduction steps, and potential impact assessment. Proof-of-concept code is appreciated but not required.
- •Our security team acknowledges reports within 24 hours and provides an initial severity assessment within 5 business days.
- •We follow a 90-day coordinated disclosure window. If a fix requires additional time, we will negotiate an extended timeline in good faith.
- •Researchers who follow responsible disclosure guidelines are recognized in our quarterly Security Acknowledgments report. We do not pursue legal action against good-faith reporters.
Active security incident? Call +1 (415) 555-0199 and select option 2 for the 24/7 security incident line, or email security@novastraxis-help.com with the subject line “URGENT: Security Incident.”
Where Is My Data Processed and Stored?
Novastraxis operates infrastructure in 48 regions across North America, Europe, Asia Pacific, the Middle East, and South America. Customers select their primary data residency region during deployment configuration, and all data at rest remains within the chosen jurisdiction unless explicitly replicated by the customer.
EU Data Residency
Customers subject to GDPR can restrict all processing to EU-based regions (Frankfurt, Amsterdam, Dublin, Paris, Stockholm). EU-resident data never leaves the European Economic Area unless the customer configures cross-region replication. Standard Contractual Clauses (SCCs) and a Data Processing Agreement (DPA) are available on request.
Contact: eu-privacy@novastraxis-help.com
UK Data Residency
Following the UK's adequacy decision framework, Novastraxis maintains dedicated UK infrastructure in London and Manchester. UK data processing complies with the Data Protection Act 2018 and the UK GDPR. An International Data Transfer Agreement (IDTA) is available for transfers outside the UK.
Contact: uk-privacy@novastraxis-help.com
For data residency questions in other jurisdictions — including APAC, Middle East, and Latin America — contact privacy@novastraxis-help.com with your deployment region and applicable regulatory requirements.
Where Can I Find Legal Documents and Service Agreements?
Novastraxis publishes its Master Service Agreement (MSA), Terms of Service (ToS), Data Processing Agreement (DPA), and Service Level Agreements (SLAs) on the customer portal. Enterprise customers receive custom agreements reviewed by our legal team. All SLAs guarantee a minimum uptime of 99.95% for Growth tier, 99.99% for Enterprise tier, and 99.999% for Mission-Critical tier, with financial credits issued automatically for any breach.
Common Legal Requests
- •Contract amendments or renewals: Email legal@novastraxis-help.com with your organization name and contract ID. Standard turnaround is 5 business days.
- •SLA credit claims: Submit a claim within 30 days of the incident by emailing legal@novastraxis-help.com with the incident date, affected services, and your account ID.
- •Subpoenas or law enforcement requests: All legal process must be directed to legal@novastraxis-help.com. Novastraxis publishes an annual transparency report detailing the volume of government requests received.
- •Urgent legal matters: For time-sensitive issues, call +1 (415) 555-0199 and ask to be connected to the legal department during business hours (Monday – Friday, 6 AM – 8 PM PT).
Have a Privacy or Compliance Question?
Our privacy and security teams are here to help. Reach out through the channel that works best for you.
For general product support, visit our Contact page or email support@novastraxis-help.com.