NanoScan is built to protect your documents, your data, and your clients. This page outlines how.
Infrastructure
NanoScan runs on AWS — one of the most trusted cloud infrastructure providers in the world. All services are deployed via AWS ECS with environment-level isolation. Infrastructure activity is monitored continuously via AWS CloudWatch.
Encryption
All data in transit is encrypted using TLS 1.2 or higher. All data at rest — including documents you upload — is encrypted using AES-256. Encryption is applied at every storage layer.
Document Security
Documents you upload are processed in isolated analysis pipelines. They are not shared between users. They are not used to train models without consent. Access is restricted to your authenticated session only.
Authentication
NanoScan uses Google OAuth for account authentication — no passwords stored on our servers. Session tokens are short-lived and invalidated on logout.
Payment Security
All payments are processed by Stripe. NanoScan never stores, transmits, or has access to your full card details. Stripe is PCI-DSS Level 1 certified.
Application Security
NanoScan uses Sentry for real-time error monitoring across both frontend and backend. Our engineering team reviews security events continuously. Vulnerabilities are patched on a priority basis.
Access Controls
Internal access to production systems is restricted by role. No contractor or third party has standing access to user data. Access logs are maintained and reviewed.
Responsible Disclosure
Found a vulnerability? We want to know. Contact us at security@nanoscan.ai. We take all reports seriously and respond within 48 hours.
Contact
XTRA Capital Advisory Inc. 142 W 57th Street, Suite 1029 New York, NY 10019 security@nanoscan.ai