Your Security is Our Priority

Ensuring your security is just as important to us as delivering a consistent, thoughtful user experience. We have various measures and policies in place to protect the data of all our users. We strongly believe in being transparent when it comes to security and have outlined our practices below for your knowledge.

We use a top-notch data center

We use Amazon Web Services (AWS) for our data center. AWS is the most used and most reliable hosting service in the world. Their security standards are unrivaled and their services are designed for high-volume data center operations. AWS offers expert insights on operational services—they alway have us and you covered.


Backlog by Nulab continuously seeks to protect your data with the highest standards in the industry, which is why we've worked to achieve compliance with ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018. You can view and download the Nulab ISO 27001 certificate here, the Nulab ISO 27017 certificate here, and the Nulab ISO 27018 certificate here.

We treat your data with care

We have strict policies about who can access our servers. Backlog servers can only be accessed from our environment firewall on AWS and only operational team members can access that environment. Our operational team members are restricted from accessing the servers except for authorized routine checks and further investigation into user feedback such as bugs. Backlog users have ZERO access to our servers directly.

We backup your data for peace of mind

Backlog has two countermeasures in case of server failure, human error, etc. Database server forwards data to other server in real-time and copies in an instant. What does this mean for your data? If the database server fails for any reason, it is possible to resume using Backlog with cloned data.

A full backup for Backlog data is done once per day. This is known as generation management. What does this mean for your data? If we lose messages due to an operational mistake, we can rollback the messages to the previous two weeks.

Backup data stored in AWS is housed in an extremely durable facility(*), the probability of data being lost due to a failure is almost equal to zero.

(*) AWS states its storage durability is 99.999999999%. If we store 10,000 objects with AWS, on average we may lose one of them every 10 million years or so. ( document: )

We prohibit unauthorized access

We have powerful systems in place to protect against application vulnerability and prevent malicious third parties from accessing your data on Backlog.

All http connections are encrypted

All Backlog connections on web and mobile are encrypted by SSL. What does this mean for your data? If a malicious third party attempted to eavesdrop on your communications, they would not be able to comprehend anything.

Security issues are handled with priority

We have a set of procedures in place in the event of a vulnerability. All Backlog users will be notified immediately following any security concerns—you’ll always know what we know.

Backlog is always up to perform

Each day we ensure that Backlog meets and exceeds the expectations of an instant messaging tool for business. We perform server monitoring, troubleshooting, and planned updates. We are always taking actions to improve our application and your experience.

Distributed and managed in various locations

AWS has multiple data centers that are dispersed in remote areas around the world. Even in the event that a data center is down due to failure, a recovery data center is able to seamlessly continue service.

Monitoring server and troubleshooting

We monitor server reports 24/7. Our monitoring system notifies our operational team of system abnormalities. Our team follows up on reported abnormalities as soon as they come in.
We are currently crafting an operational manual tailored for the event of a data center failure that will allow us to perform a rapid restoration.

You get the latest information about failure and maintenance

We inform users of planned maintenance outages a week in advance with in-app announcements and Twitter posts.
Our Twitter account also publishes when Backlog is done. If the problem is persistent, we will outline a report on our blog.