At Nimbus Suite, we take the security and privacy of your data extremely seriously. This article explains the measures we've implemented in Nimbus Manage to ensure your Cloudflare account information and API keys remain secure.

One of the core principles of Nimbus Manage's security model is our strict no-data-storage policy:

Transient Information: We do not store any of your Cloudflare account information or zone data on our servers. All information you see in Nimbus Manage is fetched in real-time when you need it.

Direct API Calls: When you use Nimbus Manage, we make direct calls to Cloudflare's APIs using your provided credentials. This means that the information you see is always up-to-date and comes directly from Cloudflare, not from any stored database on our end.

Session-Based Operation: Your interaction with Cloudflare through Nimbus Manage exists only for the duration of your session. Once you log out or your session expires, no trace of your Cloudflare data remains on our systems.

While we need your Cloudflare API keys to function, we take extensive measures to keep them secure:

Encryption at Rest: When you provide us with your Cloudflare API key or token, we immediately encrypt it using industry-standard encryption algorithms. This encrypted version is what we store, ensuring that even in the unlikely event of a data breach, your actual API keys remain secure. Our services are SOC 2 and ISO 27001 certified -- reach out to our support team if you require access to this documentation.

Secure Transmission: All communication between your browser and our servers, including when you input your API key, is encrypted using HTTPS, preventing interception of your sensitive data.

Temporary Decryption: Your API key is only decrypted temporarily in memory when needed to make API calls to Cloudflare. It's never stored in its decrypted form.

Regular Re-Authentication: We periodically require re-authentication to ensure that only authorized users have ongoing access to the system.

Beyond our core no-storage policy and secure API key handling, we implement several other security best practices:

Audit Logging: While we don't store your Cloudflare data, we do maintain logs of actions performed through Nimbus Manage. These logs do not contain sensitive information but allow us to investigate any potential security issues.

Regular Security Audits: Our systems undergo regular security audits and penetration testing to identify and address potential vulnerabilities.

Compliance: We adhere to industry-standard compliance regulations to ensure we're following best practices in data security and privacy.

We believe in giving you full transparency and control over your data:

Visible API Calls: In many areas of Nimbus Manage, we show you the exact API calls being made to Cloudflare, so you can verify what actions are being performed.

Easy Key Rotation: We provide easy methods for you to update or rotate your API keys, encouraging regular key rotation as a security best practice.

Account Deletion: If you choose to stop using Nimbus Manage, you can easily delete your account, which will remove all traces of your API keys from our system.

At Nimbus Suite, we understand that we're handling sensitive access to your Cloudflare accounts. Our no-storage policy, direct API call approach, and robust API key encryption are cornerstones of our commitment to keeping your information safe. We continuously work to maintain and improve our security measures, ensuring that you can confidently use Nimbus Manage to streamline your Cloudflare management tasks.

For any questions or concerns about our security practices, please don't hesitate to contact our support team. Your trust is paramount to us, and we're always here to address any security-related inquiries you may have.