Nemo logo
Back to Nemo

Security

Glossary of Terms

Map: the basic unit of both content and authorization in Nemo (docs)

User: a person that has logged in to Nemo with Google SSO

Anonymous Visitor: a person accessing Public URL Nemo Maps without logging in as a User

Integration: a User-level connection to an outside system that may be used to import data into Nemo and sync data from Nemo to the outside system (docs)

Team: a shared account where Users may privately collaborate on multiple Maps. Team membership is currently managed by request to Nemo personnel. There are no external APIs to add or remove Users from Teams.

Authentication

Nemo uses Google OAuth for User authentication. Nemo stores only the email address and name associated with the Google identity.

Authorization

Maps support three access levels:

  • Private

    • The Map is only accessible by the User that created the Map. This is the default state for every new Map created in Nemo.
    • In order to view a Private Map, a User must have a temporary cookie resulting from a valid Google OAuth authentication flow, must know the UUID of the Map, and must be the owner of the Map in the Nemo database.

  • Team-owned

    • The Map is accessible by all Users on the Team that owns the Map. Users not on the owning Team and Anonymous Visitors cannot access the Map.
    • In order to view a Team-owned Map, a User must have a temporary cookie resulting from a valid Google OAuth authentication flow, must know the UUID of the Map, and must be a member of the Team that owns the Map in the Nemo database. Map ownership may only be transferred from User to Team, and the APIs to do so are protected by standard session-based authentication.

  • Public URL

    • The Map is accessible to any User or Anonymous Visitor with the URL.
    • In order to view a Public URL Map, a User or Anonymous Visitor must know the UUID of the Map.

Integrations

Integration metadata is stored in a PostgreSQL database as Nodes, which are only visible as part of Maps.

Users can delete configured Integrations at any time, which immediately removes Nemo’s access to the integrated system on that User’s behalf.

Integration metadata stored in Nemo:

  • Jira: issue titles, URLs, keys, labels, and issue links
  • Linear issue titles, URLs, keys, labels, and issue links
  • Trello: card titles, URLs, IDs, labels, and attachments to other Trello cards (no other attachment data is retained)

Audit Log

Each Nemo map has an audit log of the most recent changes, including the type, time, and author of each change. This log is visible to all users with access to the map. (docs)

Infrastructure

Nemo uses a SOC2-certified cloud service for database and API hosting.

Terms of Service

Nemo’s Terms of Service