Engineered for Trust.

At Neptune Software, security and compliance aren’t just checkboxes—they’re part of the architecture. From the way we build our platform to how we operate as a company, everything is designed to protect what matters most: your data, your users, and your peace of mind.

Enter our Trust Center

Welcome to our Security Trust Center.

The Trust Center is our centralized resource for up-to-date security documentation, certifications, and compliance information. We believe transparency is a core part of trust, which is why we provide direct access (NDA required) to key materials that demonstrate our security posture and ongoing commitment to protecting customer data.

Your Data, Your Terms.

As an EU-based company, we are committed to upholding the principles of the GDPR and global privacy regulations in everything we do. Our services are designed with privacy by design and by default, and we offer Data Processing Agreements (DPAs) to ensure our customers can meet their compliance requirements. For more details, please visit our Privacy Policy.

Frequently asked questions

What security certifications does Neptune Software have?

Neptune is ISO 27001:2022 certified. The Information Security Management System includes policies and procedures designed to systematically protect company information and assets based on their criticality and sensitivity, minimizing risks to acceptable levels. These policies are accessible to all employees, reviewed annually, and cover governance, risk management, human resources security, system and facility security, operations, incident management, business continuity, privacy, monitoring, and security testing.

Is Neptune Software GDPR compliant?

Yes, Neptune Software has established privacy and security policies and procedures to ensure compliance with the GDPR. We utilize Data Processing Agreements (DPAs) that enable customers to use our services in accordance with GDPR requirements. For more information, please refer to our Privacy Policy: https://www.neptune-software.com/privacy-policy.

Does Neptune Software have a designated Information Security team?

Yes. The Information Security team is accountable for governance, risk management, and compliance. It serves as the second line of defence, oversees the Management System, and manages the overall security and business continuity program.

How do you handle data breaches or security incidents?

Neptune Software has a well-established incident response capability that allows it to address incidents in a structured and systematic manner. It follows a rigorous incident management policy and procedures for events that may impact the confidentiality, integrity, or availability of systems or data, or that may constitute a breach of company policies and controls. Incidents are classified according to their severity and impact on customers and business operations.

Where is personal information stored and processed?

The personal information we collect is stored and/or processed in Norway, or where we or our partners, affiliates, and third-party providers maintain facilities.

How is data encrypted in transit and at rest?

Encryption plays a critical role in Neptune Software’s security strategy, following best practices for both data in transit and at rest. For data in transit, we utilize TLS 1.2 or TLS 1.3 protocols. Data at rest is protected with AES-256 encryption.

What access controls are in place to protect sensitive information?

Access to company information and systems is granted only as necessary to perform assigned job responsibilities. Neptune Software follows the principles of least privilege and need-to-know, along with segregation of duties, as key security measures. Resources are further protected through multi-factor authentication (MFA). Access is revoked on an employee's last day of employment, and periodic access reviews are conducted.

Do you perform regular security audits and penetration testing?

Yes, conformity with security standards and policies is regularly assessed through internal and external audits as part of our ISO 27001 certification. Authorized external parties conduct penetration tests at least once a year to evaluate the security of our product.

How can customers report a security vulnerability?

To report a security vulnerability, you can contact us through https://www.neptune-software.com/contact-us.

What is your approach to third-party risk management?

Neptune Software assesses new third parties to ensure they adhere to its security, privacy, and business continuity standards and best practices. Formal agreements are established, outlining responsibilities, information security incident management procedures, communication channels, and designated contacts for security and privacy matters (including incidents). Neptune Software also performs ongoing due diligence based on the third-party risk level to verify that their commitment to information security, privacy, and business continuity remains strong over time. This evaluation may include reviewing audit reports, certifications (such as SOC2 and ISO), surveys, penetration testing results, and other relevant documentation.

How do you ensure business continuity and disaster recovery?

Neptune Software has a Business Continuity Policy and a Business Continuity Plan in place for critical business functions, supported by a comprehensive business impact analysis and risk evaluation.