Blog post
The Paywall Experiment Velocity Gap: Blame the Release Cycle
Most subscription teams know what to test. The bottleneck is the release window. Here's how A/B testing paywalls without an app release changes the math.
99.99 %
Trust
Uptime, backed by service-level credits.
Nami handles the moments that decide whether a subscriber converts or renews. Enterprise teams trust it to be there every time their subscribers are.
Compliance
Certified to the standards your security team already audits against.
Nami's controls are independently verified across the frameworks enterprise procurement teams ask about most.
SOC 2
GDPR
CCPA
Security
How Nami handles uptime, data, and access.
Built for 99.99% uptime — up to 99.999% on Concierge
Nami runs on redundant, multi-region cloud infrastructure with active monitoring and a 24/7 on-call rotation. Outages are tracked, communicated, and post-mortemed. Standard service level commits to 99.99% uptime; Concierge service commits to up to 99.999%, backed by financial service credits.
- Multi-region redundancy
- Real-time monitoring and alerting
- Public status page and incident communication
Encrypted in transit and at rest
Subscriber and customer data is encrypted with TLS 1.2 and above in transit, AES-256 at rest. Regional data residency options are available on enterprise contracts.
- TLS 1.2+ in transit
- AES-256 at rest
- Regional data residency on request
Roles and audit logs by default; SSO on enterprise
Role-based permissions and audit logs are available across every Nami workspace. SAML 2.0 SSO and SCIM provisioning are available on enterprise plans.
- Role-based access control (RBAC)
- Workspace-wide audit logs
- SAML 2.0 SSO on enterprise plans
Documentation
Documentation for your security review.
Source documents and processes for procurement, legal, and security teams.
Subprocessors
Third-party services Nami uses to deliver the platform, with their roles and locations.
View subprocessorsVulnerability Disclosure
How to report a security issue and what to expect from us in response.
View policyMaster Services Agreement
Nami's commercial terms — the subscription agreement that governs a paid Nami deployment.
View MSAData Protection Addendum
GDPR, CCPA/CPRA, and UK GDPR processing terms with EU, California, and UK annexes.
View DPAService Level Addendum
Support response times and uptime guarantees for Standard and Concierge service levels.
View SLA Questions we hear most
Frequently asked
Where is subscriber data stored?
Nami stores data primarily in US-based cloud infrastructure, with regional data residency available for enterprise contracts in the EU and other jurisdictions on request. Specifics for your subscription configuration are documented in the DPA.
How quickly does Nami notify customers of a security incident?
We notify affected customers of material security incidents within 72 hours of confirmation, in line with our DPA and applicable law.
How often are penetration tests performed?
Nami engages independent third parties to perform application and infrastructure penetration tests on at least an annual basis. Summary reports are available to customers under NDA.
How are subprocessor changes communicated?
Updates to the subprocessor list are published on our Subprocessors page. Customers who have requested advance notification under their DPA receive it before new subprocessors begin processing data.
Does Nami support SAML SSO and SCIM?
SAML 2.0 SSO is supported on enterprise plans. SCIM provisioning is available on request for organizations standardized on identity-provider lifecycle management.
Need our security package for procurement?
Send a quick note about your timeline and we'll route you to the right person on the security and legal team.