Nitro Security Overview

Nitro’s commitment to data security is one of our core values, and our philosophy is simple: We protect your data as carefully as we would want anyone to protect our own. Our success as a company depends on earning and maintaining your trust by ensuring your information is always safe. Every day, we protect the data of more than 600,000 businesses, including IBM, Pfizer, Swiss Re, Continental, and Colliers International. Over half of the Fortune 500 trust Nitro. You can too.


Our team

Security is part of Nitro’s DNA. Our team consists of industry veterans with deep backgrounds related to security-sensitive industries, such as finance and government agencies. We believe experience matters when it comes to security, but we’re also working to improve our practices and understand new risks and trends in data security. We take this approach with all of our business processes across the organization, including internal policies, our Software Development Lifecycle (SDLC), and platform operations.


Secure by design

We follow industry best practices to transfer, process, and store customer data.

All Cloud-enabled features make use of state-of-the-art computing facilities that satisfy industry standards such as PCI DSS, HIPAA, SSAE 16, and SOC.

Nitro protects documents in motion and at rest with digital audit trails and SSL AES encryption. Through extensive logging and instrumentation, we monitor our production environment in order to audit security, availability, access, and other metrics for our services. We use a combination of automated tools and manual inspection to ensure constant oversight of security events.

We use Amazon Web Services (AWS) for much of our cloud infrastructure. AWS has extensive documentation regarding their security practices on their website. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations. The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.


Third-party security audits

We hire external experts to perform regular security audits of Nitro. These rigorous assessments ensure not only that our practices are up to date with current standards, but also that we’ve tested Nitro against the latest vulnerabilities identified by security professionals. Our customers may perform audits too, which we invite and facilitate.


Confidentiality

We go to great lengths to make sure no one sees or processes your data unless they’re authorized to do so, and exceptions are strictly limited. All employees are subject to background checks, and access to production servers is limited to engineers who directly need to work with our production systems. We build our machine learning tools so that employees aren’t exposed to customer data while working on production issues. The only exceptions to this rule are when Nitro employees are investigating active security events or system outages whose resolution requires viewing the critical section of data. Nitro’s CEO or VP of Engineering must approve these exceptions.


Nitro Pro minimizes security risk

Nitro Pro uses a proprietary code base and fully owned intellectual property that minimizes the surface area for exfiltration. We have written the code base to be insusceptible against threat vectors designed to penetrate Adobe Acrobat and other PDF applications. We don’t support sources of risk such as Adobe Flash and other Adobe plugins, and we use a constrained subset of Javascript within Nitro Pro.


More information

Customer support is a top priority. All enterprise customers have a dedicated customer success manager, and we staff 24/7 worldwide coverage for tickets submitted via our support site.

We invite your questions and concerns about data security and privacy. We welcome the opportunity to partner with you to ensure that Nitro meets your company’s workflow and security needs. Please contact us at info@gonitro.com.

For more about personally identifiable information (PII) and privacy in general, please read our privacy policy.


Report a vulnerability

If you find a security vulnerability related to Nitro, we want to know ASAP. Please contact us at security@gonitro.com.

You've submitted too many forms with this email:

You are only allowed up to three form submissions with any given email in a 30 minute timeframe. Please allow 30 minutes before submitting another form.

Thank you,
The Team at Nitro