Security

What follows describes the security practices governing your relationship with Nautilus WMS, Inc. Plain-English summaries appear in the right margin throughout; they are for reference only, and the body text on the left is what is legally binding.

Security architecture

Nautilus is built on a zero-trust security architecture. Every request is authenticated and authorized regardless of network location. Our infrastructure runs on isolated virtual private clouds with no public-facing databases. All internal service communication is encrypted and authenticated using mutual TLS. We employ defense-in-depth with multiple layers of security controls at the network, application, and data levels.

Encryption

All data in transit is encrypted using TLS 1.3 with forward secrecy. Data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with automatic key rotation every 90 days. Database backups are encrypted with separate keys. API tokens and credentials are hashed using bcrypt with a minimum cost factor of 12.

Authentication and access

Nautilus supports multi-factor authentication (MFA) for all user accounts and requires it for administrator accounts. We support SAML 2.0 SSO integration with major identity providers. Role-based access control (RBAC) allows granular permission management. Session tokens expire after 24 hours of inactivity. All authentication events are logged and monitored for anomalous patterns.

Infrastructure security

Our infrastructure is hosted in SOC 2 Type II certified data centers with physical security controls including biometric access, 24/7 surveillance, and environmental monitoring. We use container orchestration with automatic scaling and self-healing capabilities. Network segmentation isolates customer environments. Web application firewalls protect against OWASP Top 10 vulnerabilities. DDoS protection is provided at the network edge.

Monitoring and incident response

We maintain 24/7 security monitoring with automated alerting for suspicious activity. Our security operations team investigates alerts within 15 minutes. We maintain a documented incident response plan that is tested quarterly through tabletop exercises. In the event of a security incident affecting customer data, we will notify affected customers within 72 hours as required by applicable regulations.

Compliance and certifications

Nautilus maintains SOC 2 Type II certification, audited annually by an independent third party. We are compliant with GDPR, CCPA, and HIPAA where applicable. Our security practices align with the NIST Cybersecurity Framework and CIS Controls. We conduct annual third-party penetration tests and quarterly internal vulnerability assessments. Audit reports are available to enterprise customers under NDA.

Vulnerability management

We maintain a responsible disclosure program for security researchers. Critical vulnerabilities are patched within 24 hours, high severity within 72 hours. All code changes go through automated security scanning in our CI/CD pipeline. Dependencies are monitored continuously for known vulnerabilities using automated tools. We perform regular code reviews with a focus on security-sensitive components.

Business continuity

Data is replicated across multiple availability zones with automatic failover. Recovery point objective (RPO) is 1 hour and recovery time objective (RTO) is 4 hours. We maintain encrypted daily backups retained for 90 days. Our disaster recovery plan is tested bi-annually with full failover exercises. Business continuity documentation is reviewed and updated quarterly.