Nightlamp
Security

Nightlamp is built for operational teams that need practical controls, clear access boundaries, and honest security claims.

Nightlamp runs on AWS-managed infrastructure with TLS in transit and encryption at rest where the platform supports it. We are not currently SOC 2 certified and do not claim a SOC 2 Type II report. The product supports passkey and magic-link sign-in, role-based access for customer and ops users, and audit-friendly logging. Customers should grant read-only access; on-call is founder-led, and engineer access is scoped, read-only, and designed to be traceable through logs. Reports: hi@nightlamp.app.

Operator: VectraSEO LLC
Updated: 2026-06-13
Contact: hi@nightlamp.app

1. Current assurance status

Nightlamp has not completed a SOC 2 audit and does not claim a SOC 2 Type II report today (SOC 2 is an auditor's attestation report rather than a certification).

Security materials and a DPA request path are available for customers that need procurement or vendor review support.

2. Application controls

The app supports passkey sign-in, magic-link authentication, session handling, and role-based access for customer and ops workflows. Magic-link tokens are single-use, stored hashed (never in plain text), and expire after 15 minutes. Access tokens are short-lived JWTs (15-minute lifetime); refresh tokens are HttpOnly, Secure cookies that JavaScript cannot read.
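The magic-link lifecycle described above (a random single-use token, only its hash stored, 15-minute expiry) as an added example in Python; this is not Nightlamp's code, and the page does not describe the real implementation. The in-memory table, the class and field names and the injectable clock are this example's own assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60  # the 15-minute lifetime stated on the page


@dataclass
class LinkRecord:
    token_hash: str      # SHA-256 of the token; the token itself is never stored
    email: str           # address the link was sent to
    expires_at: float    # absolute Unix time after which the link is dead
    used: bool = False   # flipped on the first successful redemption


class MagicLinkStore:
    """In-memory stand-in for a magic-link table (hypothetical; a real service
    would back this with a database and a unique index on token_hash)."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now  # injectable clock so expiry can be tested deterministically
        self._rows: Dict[str, LinkRecord] = {}

    @staticmethod
    def hash_token(token: str) -> str:
        # Only this digest is persisted; a leaked table yields no usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email: str) -> str:
        """Create a token for `email` and return it for inclusion in the emailed link."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG; not guessable
        digest = self.hash_token(token)
        self._rows[digest] = LinkRecord(digest, email, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Return the email the token proves control of, or None.

        Unknown, expired and already-used tokens all collapse to the same None,
        so a caller cannot probe which case applied."""
        rec = self._rows.get(self.hash_token(token))
        if rec is None or rec.used or self._now() > rec.expires_at:
            return None
        rec.used = True  # single use: consumed before any session is created
        return rec.email


if __name__ == "__main__":
    store = MagicLinkStore()
    link_token = store.issue("alice@example.com")  # constructed address
    print("first redeem:", store.redeem(link_token))   # alice@example.com
    print("second redeem:", store.redeem(link_token))  # None
```

With a real database the `used` flip must be atomic (for example `UPDATE ... SET used = true WHERE token_hash = ? AND used = false` and checking the row count), otherwise two concurrent requests with the same link can both succeed. Expiry is enforced at redemption time, so a stale row is harmless even before a cleanup job removes it.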

Sensitive operational actions are designed to be traceable through product and infrastructure logs.

3. Infrastructure

Nightlamp uses AWS-managed infrastructure, TLS for data in transit, encryption at rest where the service supports it, frontend assets in private object storage served only through CloudFront, and restricted deployment paths.
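One check a reviewer would run against the "private frontend storage behind CloudFront" claim: an audit of an S3 bucket policy that flags a public-read grant and an unscoped CloudFront grant, and accepts the origin-access-control pattern (CloudFront service principal plus an aws:SourceArn condition naming one distribution). This is an added example, not Nightlamp's tooling or policy; the three policies are constructed, and the bucket name, account ID and distribution ID are AWS-documentation-style placeholders.

```python
from typing import Any, Dict, List

CLOUDFRONT_SERVICE = "cloudfront.amazonaws.com"

# Three constructed bucket policies for a hypothetical frontend-assets bucket.
# Bucket name, account ID and distribution ID are placeholders, not Nightlamp's.
PUBLIC_READ: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",                      # anyone on the internet
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-frontend-assets/*",
    }],
}

CLOUDFRONT_UNSCOPED: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnyDistribution",
        "Effect": "Allow",
        "Principal": {"Service": CLOUDFRONT_SERVICE},   # no Condition: any distribution
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-frontend-assets",
                     "arn:aws:s3:::example-frontend-assets/*"],
    }],
}

CLOUDFRONT_ONLY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontServicePrincipalReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": CLOUDFRONT_SERVICE},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-frontend-assets/*",
        "Condition": {"StringEquals": {
            # ties the grant to one distribution in one account
            "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE",
        }},
    }],
}


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal: Any) -> bool:
    # "*" and {"AWS": "*"} both mean everyone.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for v in principal.values() for p in _as_list(v))
    return False


def _source_arn(statement: Dict[str, Any]) -> Any:
    # IAM condition keys are case-insensitive, so compare lowercased.
    equals = statement.get("Condition", {}).get("StringEquals", {})
    for key, value in equals.items():
        if key.lower() == "aws:sourcearn":
            return value
    return None


def audit_frontend_bucket_policy(policy: Dict[str, Any]) -> List[str]:
    """Return findings; an empty list means every Allow statement follows the
    'private bucket, reads only via one named CloudFront distribution' pattern."""
    findings: List[str] = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        actions = _as_list(stmt.get("Action", []))
        if _is_public_principal(principal):
            findings.append(f"{sid}: public principal; bucket contents readable by anyone")
            continue
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if CLOUDFRONT_SERVICE in services:
            if _source_arn(stmt) is None:
                findings.append(f"{sid}: CloudFront grant lacks aws:SourceArn; a distribution "
                                "in any AWS account could be pointed at this bucket")
            for action in actions:
                if action.lower() != "s3:getobject":
                    findings.append(f"{sid}: grants {action} to CloudFront, broader than the "
                                    "s3:GetObject needed to serve assets; confirm it is intended")
    return findings


if __name__ == "__main__":
    for name, policy in [("public", PUBLIC_READ), ("unscoped", CLOUDFRONT_UNSCOPED),
                         ("cloudfront-only", CLOUDFRONT_ONLY)]:
        print(name, audit_frontend_bucket_policy(policy) or "OK")
```

The audit only reads the bucket policy; Block Public Access settings, ACLs and any Deny statements are separate checks. The s3:ListBucket finding is deliberately soft, because some deployments grant it so that CloudFront returns 404 rather than 403 for missing keys.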

Production changes are reviewed through pull requests. Direct pushes to main are not part of the intended release process.

4. How engineers access your app

We ask customers to grant the minimum practical read-only access needed for monitoring and diagnostics: a scoped editor login on no-code platforms, webhook payloads for the flows we probe, response codes, and platform logs for those flows. Where possible, probes use synthetic users and synthetic data.

Integration credentials you store with us (for example, AgentDraft API keys for email-flow checks) are encrypted at rest — never stored in plain text. On-call engineers cannot push code, deploy releases, or modify your app; the deliverable is a written diagnosis and a recommended fix that you ship.

Staff access is limited to people who need it for operations, support, or incident response, and engineer access to customer-facing data is designed to be traceable through product and infrastructure logs.

5. Who is on call

Nightlamp is founder-operated: the on-call rotation is led by the founding engineer, and every responder is named on the how-it-works page. We do not outsource incident response to third-party contractors or an anonymous tier-one queue.

New responders join the rotation only after working directly with the founder on real incidents, and are added to the public team list when they do.

6. Sub-processors

Current sub-processors: AWS for cloud infrastructure and hosting, Amazon SES for email delivery, Stripe for payments, AgentDraft for email-flow round-trip checks, and GitHub for source control and CI/CD workflows.

Additional providers may be used for support, observability, or customer communications when needed to provide the service. The privacy notice and DPA process carry the authoritative list.

7. Data retention

We keep operational probe history for the flows we watch with short retention windows, and we redact email-flow bodies before storage. We don't store your customers' PII — where a probe surfaces email addresses or names, they are hashed before storage.
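The redaction step described above (message body dropped, recipient address and name hashed before storage) as an added example in Python rather than Nightlamp's pipeline. The record layout and field names are this example's own assumption. It uses a keyed hash (HMAC-SHA256 with a server-side secret) because an unkeyed hash of an email address can be reversed by hashing a list of likely addresses; the page says only that the values are hashed, not which construction is used.

```python
import hashlib
import hmac
import re
from email.utils import parseaddr
from typing import Any, Dict

# Matches an email address inside free text; deliberately simple.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed probe record for a hypothetical email-flow check. The field
# names are this example's own, not Nightlamp's schema.
SAMPLE_PROBE: Dict[str, Any] = {
    "flow": "signup-welcome-email",
    "status_code": 200,
    "latency_ms": 412,
    "to": "Jane Doe <jane.doe@example.com>",
    "subject": "Welcome, Jane! Questions go to support@example.com",
    "body": "Hi Jane, your account jane.doe@example.com is ready.",
}


def pseudonymize(value: str, pepper: bytes) -> str:
    """Keyed hash of a normalised value. The same input gives the same token,
    so records still correlate, but without `pepper` the token cannot be
    reversed by hashing a dictionary of likely addresses."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(pepper, normalised, hashlib.sha256).hexdigest()[:32]


def redact_probe(record: Dict[str, Any], pepper: bytes) -> Dict[str, Any]:
    """Storable form of a probe record: body dropped, recipient name and
    address replaced by keyed hashes, addresses in other text fields replaced
    in place, non-string fields kept as they are."""
    out: Dict[str, Any] = {}
    for key, value in record.items():
        if key == "body":
            out["body_bytes"] = len(str(value).encode("utf-8"))  # size only, no content
        elif key == "to":
            name, addr = parseaddr(str(value))
            out["to_email"] = pseudonymize(addr, pepper) if addr else None
            out["to_name"] = pseudonymize(name, pepper) if name else None
        elif isinstance(value, str):
            out[key] = EMAIL_RE.sub(lambda m: "email:" + pseudonymize(m.group(0), pepper), value)
        else:
            out[key] = value
    return out


def contains_raw_email(record: Dict[str, Any]) -> bool:
    """Post-condition check before a record is written: no raw address left."""
    return any(isinstance(v, str) and EMAIL_RE.search(v) for v in record.values())


if __name__ == "__main__":
    stored = redact_probe(SAMPLE_PROBE, b"demo-pepper-not-a-real-secret")
    print(stored)
    print("raw email left:", contains_raw_email(stored))  # False
```

The pepper has to live outside the probe store (a secrets manager or KMS-backed parameter), otherwise a leaked table can be rejoined to addresses. The regex only catches email addresses; a first name in free text such as a subject line is not detected, which is the reason bodies are dropped rather than scrubbed.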

On cancellation, your data is exported on request as JSON within 24 hours and purged 30 days after. Some operational logs may be retained for a limited period where needed for security, billing, dispute resolution, or legal obligations.

8. Reporting issues

Security reports should be sent to hi@nightlamp.app with enough detail to reproduce the issue. Please avoid accessing customer data or disrupting production systems while testing.

Common questions

Is Nightlamp SOC 2 certified?

Not currently. We do not claim a SOC 2 Type II report today. Security materials and a DPA request path are available for customers that need procurement or vendor review support.

How does Nightlamp authenticate users?

The app supports passkey sign-in and magic-link authentication, plus role-based access for customer and ops workflows. Sensitive operational actions are designed to be traceable through product and infrastructure logs.

Where is data stored and how is it protected?

Nightlamp runs on AWS-managed infrastructure, with TLS in transit and encryption at rest where the platform supports it. Frontend assets sit behind CloudFront; production deploys go through reviewed pull requests, not direct pushes.

Who actually responds to incidents?

A named engineer on a founder-led on-call rotation — not an outsourced support farm. The people on the rotation are listed on the how-it-works page, and engineer access to customer data is scoped, read-only, and designed to be traceable through logs.

How do I report a security issue?

Send a report to hi@nightlamp.app with enough detail to reproduce the issue. Please avoid accessing customer data or disrupting production systems while testing.

The engineers on call

Yoni Ryabinski, Founder · on-call engineer · US-East (ET)

Founder-led on-call, real names, no stock photos. Meet the engineers on the how-it-works page →

Security review

Need a vendor questionnaire, architecture summary, or DPA request? Send the request and deadline.

hi@nightlamp.app
© 2026 Nightlamp · the on-call engineer for your no-code stack · Updated 2026-06-12