Security

Date of Last Revision: June 2024

Technical security

At Nanoconomy, we treat privacy and data security as our top most priority. Here, we have documented some of the ways we make sure your information is always safe and secure when you’re using Nanoconomy.

Server-side Encryption

At Nanoconomy your at-rest data and metadata is encrypted under the 256-bit Advanced Encryption Standard before it is written to disk, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Transport Layer Security

To protect your data as it travels over the Internet during read and write operations, Nanoconomy uses Transport Layer Security (HTTPS).

Robust Access management

Access to user data on Nanoconomy is maintained via strict database level security rules to protect privacy and data confidentiality. By default, authenticated users have access to their own data only. Users can opt to share their data with their teammates via shared projects or by choosing to invite ohter users explicitly.

Payment processing

All payment related services are provided by Stripe, which is certified as a PCI Level 1 Service Provider. Nanoconomy does not and cannot store or access sensitive payment information.

Comprehensive Authentication Security

Nanoconomy uses firebase authentication framework built by the same team that developed Google Sign-in, Smart Lock and Chrome Password Manager, Firebase security applies Google’s internal expertise of managing one of the largest account databases in the world.

Application Security

Nanoconomy follows industry standard best practices for product development. All our releases and new features are thoroughly tested for security vulnerability before deployment.

In addition, Nanoconomy is equipped with thorough internal logging and audit trail features that provide transparency into usage and access. With the help of Google’s infrastructure, we get alerted to and react quickly to all security concerns.

Nanoconomy’s infrastructure is entirely hosted on Google Cloud Platform (GCP) which takes advantage of the same security model as Google Apps like Gmail and Search. A detailed whitepaper on security policy can be downloaded here:
https://services.google.com/fh/files/misc/google_security_wp.pdf

Data Center Physical Security

Nanoconomy uses Google’s data centers and servers that are located in USA. These data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.

Moreover, these data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Nanoconomy employees do not have physical access to these servers and data centers.

Data security

Encryption

All data on Nanoconomy is automatically encrypted at rest and in transit. Any new data stored in persistent disks is encrypted under the 256-bit Advanced Encryption Standard (AES-256), and each encryption key is itself encrypted with a regularly rotated set of master keys.

During transit, all read and write operations on Nanoconomy are protected using Transport Layer Security (HTTPS).

Access

The storage stack and secured layers of Nanoconomy application require that incoming requests are authenticated and authorized. Data stored in our noSQL cloud database is protected by database level security rules and Google’s Identity and Access Management (IAM). Only authorized employees at Nanoconomy have electronic access to user data.

Customer data is logically isolated from that of other customers and users, even when it’s stored on the same physical server. Only a small group of Google employees have access to customer data.

Disposal

User deleted data on Nanoconomy is immediately wiped from our production database. Some critical deleted data like the project structure remains in our backup storage for 30 days, after which it is wiped from there as well. In the event that customers are unable to delete their data, they can also reach out to Nanoconomy support to get their data wiped.

When retired from Google’s systems, hard disks containing customer information are subjected to a data destruction process before leaving Google’s premises.

Backups

All customer data and account content on Nanoconomy is backed up regularly on a separate cloud storage.

Billing

Nanoconomy does not store or transmit any sensitive payment data. All of our payment services are handled securely by our payments partner, Stripe, which is certified as a PCI Level 1 Service Provider.

You can read more about Stripe’s privacy and security policy here: https://stripe.com/privacy.

Nanoconomy has the operational, product, and policy frameworks in place to support the rights and obligations under the General Data Protection Regulations (GDPR). Learn more about our GDPR initiatives here.