Security Policy

We understand the importance of keeping your data private and strive to do our very best in keeping your data secure and confidential.

If you would like more information on our other policies, we have Terms of Use and a Privacy Policy, additionally please contact us at


Nine is primary hosted on Heroku and Vercel, our user data is stored in Heroku Postgres. We make use of some additional Amazon Web Services products for file storage. You may review Heroku’s security policy for further information, needless to say it’s pretty state of the art, they are also PCI Level 1 compliant.

Our infrastructure is secured by a limited number of engineers who use two factor authentication.
All of our web traffic is encrypted with TLS using state of the art RSA 2048 bit keys, provided by Lets Encrypt and rated “A+” by Qualys SSL Labs (as of January 2020).

Software choices

Nine has been developed by experienced engineers and has been built on top of quality open source software. The core API is built using Node, Express and Apollo server; and follows industry best practises. The client side applications for Nine are built using React and Next.js.

We monitor our codebase for CVE’s automatically as part of our continuous deployment process and apply security patches as soon as we are made aware. We also monitor for application errors in realtime and all issues are immediately escalated to our engineering team.

Payment processing

We use Stripe for payment processing and adhere to PCI standards. We do not store or collect your payment card details, that information is provided directly to Stripe’s servers, whose use of your personal information is governed under their Privacy Policy. Stripe adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.

Backup policy

Nine data is backed up to multiple regions within the AWS system to prevent a single point of failure leading to data loss. Backups are stored for 30 days and then permanently deleted.