Trust Center
Security, privacy, and compliance at Nanitor
nanitor.com

We are dedicated to protecting your data through certified information security management and secure, resilient development processes.

ISO/IEC 27001 certified since 2023
Privacy by Design
Secure SDLC
GDPR commitment

Compliance & Information Security

ISO 27001

ISO 27001 Certification

Nanitor has been ISO 27001 certified since 2023. Unlike standard implementations, we have adopted the full ISO 27001:2022 control set without exclusions. This means every control in our Statement of Applicability is active, ensuring we adhere to the strictest international standards for confidentiality, integrity, and availability.

Scope of Certification

Our certification covers:

“Software development and deployment, along with server management performed within the organization’s cloud environment.”

Privacy & Data Residency

We are fully committed to data privacy and transparency. We provide a standard Data Processing Agreement (DPA) for all clients to ensure full compliance with GDPR and relevant privacy laws. Our platform is built on a Privacy by Design philosophy, ensuring personal data is protected by default.

Global Data Residency

We understand the importance of data sovereignty. To meet the compliance needs of our international customer base, we offer regional data hosting. Whether you require your data to reside within the EU/EEA or other specific regions, we ensure your information remains within your required jurisdiction.

GDPR

Nanitor is committed to complying with the EU General Data Protection Regulation (GDPR).

We have implemented technical and organisational measures designed to meet GDPR requirements, and our information security management system is certified to ISO/IEC 27001, which supports our approach to data protection, risk management, and security controls.

GDPR compliance is an ongoing process, and we continuously review and improve our practices to ensure the protection of personal data and the rights of data subjects.

Software Development Lifecycle

We view security as the foundation of our development lifecycle, supported by robust policies and automated controls:

  • Secure by Design: We follow OWASP guidelines and ensure strict network and environment segregation.
  • Automated Assurance: Every code commit undergoes automated vulnerability scanning and mandatory peer review before release.
  • Continuous Validation: Our security posture is validated through continuous internal testing and annual external penetration tests.