
Security at Nano AI

Every sub-processor, its purpose, and its hosting region are listed on this page — and the list is versioned.

01

Infrastructure & encryption

We deploy on established cloud providers and regions matched to each client's needs, with client-dedicated environments available for enterprise engagements. Data is encrypted with TLS 1.2 or higher in transit and AES-256 at rest — the standard we configure on every deployment.

02

Access control & secrets management

Access follows role-based, least-privilege principles, with multi-factor authentication mandatory on all company systems, quarterly access reviews, and offboarding completed within 24 hours of a staff departure.

No credentials live in application code. Secrets are held in managed secret stores, and client credentials are never shared through chat tools.

03

Development practices

All code changes go through review, environments are separated (development, staging, production), and versioned prompts are treated as code — reviewed, tested, and rolled back like any other change.

04

Sub-processor & vendor list

We maintain a published table of every sub-processor — model providers, cloud infrastructure, our WhatsApp Business Solution Provider, and analytics tools — listing its purpose, the data it touches, and its hosting region. The list is updated within 30 days of any change, and clients on a Data Processing Agreement are notified directly.

05

Certification status & vulnerability disclosure

We operate an ISO 27001-aligned policy set — covering information security, access control, encryption, vendor management, incident response, business continuity, and acceptable use — with a certification audit planned for H1 2027. We have not yet obtained ISO 27001 certification, and we say so plainly rather than implying otherwise.

If you believe you have found a security vulnerability, contact security@nano-ai.net. We aim to respond within 3 business days.
