Trust & Security

Last updated: January 7, 2026

At NanoQuote, we take the security of your data seriously. We've built our platform on best-of-breed infrastructure providers who maintain the highest levels of security and compliance. While we are not independently certified, we follow industry best practices and rely on certified, trusted partners to ensure your data is protected.

Our Approach

We believe in transparency and using the right tools for the job. Rather than building our own security infrastructure, we partner with industry leaders who specialize in security and maintain rigorous compliance certifications. This means you benefit from enterprise-grade security without enterprise complexity.

Our Security Partners

Every component of NanoQuote is built on trusted, certified infrastructure:

WorkOS (Authentication & Identity)

Enterprise-grade authentication and user management

Certifications: SOC 2 Type II, GDPR, HIPAA Ready

Authentication Security

  • Enterprise Single Sign-On (SSO) with SAML and OIDC
  • Multi-factor authentication (MFA) support
  • Secure session management with automatic timeout
  • Brute-force protection and rate limiting

Compliance & Certifications

  • SOC 2 Type II certified
  • GDPR compliant with EU data handling
  • HIPAA-ready for healthcare customers
  • Regular third-party security audits

Convex (Backend & Database)

Real-time backend platform with built-in security

Certifications: SOC 2 Type II, Encryption, GDPR

Data Protection

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption for all data in transit
  • Automatic daily backups with point-in-time recovery
  • Multi-tenant isolation with strict data boundaries

Infrastructure Security

  • SOC 2 Type II certified infrastructure
  • Hosted on AWS with enterprise-grade security
  • Automatic security patches and updates
  • Real-time monitoring and anomaly detection

Microsoft Azure (Cloud Infrastructure)

Enterprise cloud hosting with global compliance

Certifications: SOC 2, ISO 27001, FedRAMP, GDPR

Global Compliance

  • 90+ compliance certifications worldwide
  • SOC 1, SOC 2, and SOC 3 certified
  • ISO 27001, ISO 27017, ISO 27018 certified
  • GDPR, CCPA, and regional privacy compliance

Security Infrastructure

  • DDoS protection at network edge
  • Web Application Firewall (WAF)
  • Network isolation and private endpoints
  • 24/7 security operations center monitoring

Polar (Billing & Payments)

Secure subscription billing powered by Stripe

Certifications: PCI-DSS, Stripe Powered, GDPR

Payment Security

  • PCI-DSS Level 1 compliant (via Stripe)
  • No credit card data stored on our servers
  • Tokenized payment processing
  • Fraud detection and prevention

Data Handling

  • GDPR compliant billing operations
  • Minimal data collection for transactions
  • Secure subscription management
  • Encrypted billing communications

Our Security Practices

Beyond our infrastructure partners, we implement additional security measures:

Access Control

  • Role-based access control (RBAC) for organization members
  • Principle of least privilege for all system access
  • Multi-tenant data isolation between organizations
  • Audit logging of all administrative actions

Data Protection

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Regular automated backups with point-in-time recovery
  • Data retention policies configurable by organization
  • Secure data export and deletion capabilities

Application Security

  • Secure software development lifecycle (SDLC)
  • Regular dependency updates and vulnerability scanning
  • Input validation and output encoding to prevent injection attacks
  • Content Security Policy (CSP) headers to prevent XSS

Operational Security

  • Monitoring and alerting for anomalous activity
  • Incident response procedures documented and tested
  • Regular security reviews and improvements
  • Responsible disclosure policy for security researchers

Compliance Summary

Important Note

NanoQuote itself is not independently certified for compliance standards like SOC 2 or ISO 27001. However, we build exclusively on infrastructure providers who maintain these certifications, and we follow the same security best practices they require. This approach gives you enterprise-grade security through our certified partners.

Certifications Held by Our Partners

Certification     | Covered By               | What It Means
SOC 2 Type II     | WorkOS, Convex, Azure    | Independent audit of security controls over time
ISO 27001         | Azure                    | International standard for information security management
PCI-DSS Level 1   | Polar (via Stripe)       | Highest level of payment card security compliance
GDPR              | All partners             | EU data protection regulation compliance
HIPAA Ready       | WorkOS, Azure            | Healthcare data protection readiness

Security Questions & Reporting

We welcome questions about our security practices and responsible disclosure of vulnerabilities.

Security inquiries: security@nanoquote.app

Privacy matters: privacy@nanoquote.app

General support: support@nanoquote.app

Responsible Disclosure

If you discover a security vulnerability, please report it to security@nanoquote.app. We appreciate your help in keeping NanoQuote secure and will acknowledge your report within 48 hours.
