NEW The NOVA engine now understands Saudi dialects with higher accuracy
Trust Center

One URL for security reviewers

Everything your security and compliance team needs to evaluate NOVA, in one place: our security model, our position on the Saudi Personal Data Protection Law (PDPL), and how we handle reviews and documentation. Every claim here is verifiable: and whatever isn't finished yet is labeled exactly that: coming.

The trust map

Six pages, one per question

Clear, text-first pages that humans and machines read alike: no locked PDFs, no floating promises.

Security

Encryption in transit and at rest, environment isolation, and a responsible-disclosure policy: the full model.

Read the page

Personal data protection (PDPL)

How each principle of the law becomes a concrete control: residency, encryption, processing records, and the DPA.

Read the page

AI governance

Who builds, who approves, which data, where the boundaries are: enforced policies, a permission map, documented approvals.

Read the page

Audit readiness

Evidence that forms during operation, a full trail for every decision, and export bundles that answer reviewers.

Read the page

Responsible AI

Human oversight at the boundaries, explainable decisions, and transparency to leadership: principles that work in the product.

Read the page

Saudi regulatory readiness

How NOVA is built with Saudi regulatory expectations in mind: with a readiness assessment you run yourself.

NewAssess your readiness
For reviewers

How we handle security reviews

A faster security review means a faster contract: so we make ours easy.

We work with security review teams on their terms: specific documents, direct answers, one clear channel.

  • Documentation on request: we provide review teams with control, architecture and deployment details on request: and the same substance is published here as plain text, never locked behind PDFs.
  • Data processing agreement (DPA): available to customers as part of contracting; it defines roles, scope, security obligations and deletion procedures.
  • Review questions: send your security questionnaire or questions to [email protected]: we aim to respond within one business day.

For full-sovereignty requirements: your own private cloud (VPC) or an isolated on-premises deployment: see deployment & sovereignty, or talk to a solutions engineer directly.

Ready to start the review?

Send your security team's questions, or talk directly to a solutions engineer who knows your sector's regulatory requirements.

Talk to a solutions engineer Start free