Your data lives where you decide
NOVA runs wherever your organization requires: a managed cloud inside Saudi Arabia, your own private cloud (VPC), or entirely within your data center: even fully air-gapped. One strict governance model across all three paths, with controls designed to comply with the Saudi Personal Data Protection Law (PDPL).
Your data lives where you decide
Three deployment paths, one strict governance model: aligned with the Saudi Personal Data Protection Law.
Launch today: your data never leaves the Kingdom
Fully managed infrastructure in Saudi data centers: automatic updates, elastic scale, and round-the-clock monitoring: while you focus on your flows.
- Data residency in Saudi Arabia by default
- Encryption in transit and at rest
- Backups and disaster recovery
- Zero infrastructure to manage
Inside your cloud, under your policies
NOVA runs inside your own cloud account: your network, your keys, your security policies: with managed updates from us that never touch your data.
- Runs inside your private network, fully isolated
- Customer-managed encryption keys
- Your security policies and SSO
- Managed upgrades on agreed windows
Full sovereignty: even with no internet
For government entities and sensitive sectors: the complete NOVA platform inside your own data center, including fully air-gapped environments, with on-site support and licensing.
- Installs on your infrastructure: containers or Kubernetes
- Runs fully isolated from the internet
- Integrates with your identity and monitoring stack
- Field support and an SLA
One governance model, every path
The same controls run in our cloud and in your stack: no “lite” edition for any deployment mode.
| Control | How NOVA implements it |
|---|---|
| Encryption in transit and at rest | Data is encrypted in transit with TLS 1.3 and at rest with AES-256: on by default in every deployment path. |
| Granular permissions | Permissions at the action and data level: what each agent and user may execute alone, and what requires human approval: you define the boundaries. |
| Audit trail | Every step is recorded: who decided, what was executed, and why: a complete log you can review and export at any time. |
| Backup & disaster recovery | Backups and disaster recovery are built into managed NOVA Cloud; in VPC and on-prem deployments NOVA operates under your own backup policies. |
| Network isolation | In a VPC, NOVA runs inside your private network, fully isolated; on-prem it runs completely disconnected from the internet: zero external egress from your infrastructure. |
| Key management | In your private cloud (VPC), encryption keys are customer-managed: owned and operated by you. Our managed updates never touch your data. |
Designed to comply with the Personal Data Protection Law
How NOVA's controls support your obligations under the Saudi PDPL. This describes our controls and is not legal advice: final compliance rests with the data controller.
| PDPL principle | How NOVA supports it |
|---|---|
| Data residency | Deployment options that keep data inside the Kingdom: NOVA Cloud in Saudi data centers by default, or entirely within your own infrastructure. |
| Security of processing & encryption | Encryption in transit and at rest, plus granular permissions at the action and data level: designed to comply with PDPL processing-security requirements. |
| Processing boundaries | Agents operate within explicit limits and permissions you define: no processing outside the defined scope, and anything beyond a threshold escalates to human approval. |
| Processing records & audit | A complete audit trail of every action on data supports your obligation to document processing activities and respond to review requests. |
| Data processing agreement | We provide a data processing agreement (DPA) to customers, defining roles and responsibilities between you as controller and NOVA as processor. |
What NOVA looks like inside your stack
NOVA Cloud: in-Kingdom
Fully managed infrastructure in Saudi data centers: the execution layer, databases, and audit logs all reside inside the Kingdom by default. Updates, monitoring, and scaling are on us: your systems connect through TLS 1.3-encrypted connectors with zero infrastructure for you to run.
Your private cloud (VPC)
The same platform runs inside your own cloud account: your private network and its isolation, customer-managed encryption keys, and integration with your SSO and security policies. Upgrades are managed by us on agreed maintenance windows: without touching your data: and deployment ships as ready-made Terraform modules.
On-premises: including fully air-gapped
The complete NOVA platform inside your data center: installed as containers or on Kubernetes from an internal image registry, integrated with your identity and monitoring stack, and able to run fully disconnected from the internet (air-gapped): zero external egress: with field support and an SLA.
Detailed reference-architecture documents for each path: diagrams, requirements, and the shared-responsibility model: are available on request to security and infrastructure teams.
Contracting that understands your procedures
We know how Saudi organizations buy, and we prepare what your approval cycle needs:
- Contracts and billing in Saudi Riyals: no dollar pricing and no exchange-rate surprises.
- Documentation fit for government approval procedures: technical and financial proposals in Arabic, with documents that support government procurement platforms such as Etimad.
- Field support and a Saudi team: solutions engineers come on-site for on-prem deployments, with Arabic-first support from a team that understands your regulatory context.
- Service-level agreement (SLA) and data processing agreement (DPA): included with the Enterprise plan.
Send us your organization's requirements: deployment mode, residency constraints, and the systems to connect: and a solutions engineer gets back to you with a practical answer within one business day.
Full sovereignty, no compromise.
Tell us your organization's requirements: residency, isolation, approval: and a solutions engineer maps the right deployment path for you.