Contact Sales »

Nitro’s Dedication to Security and Compliance

With information security at the heart of all we do, the Nitro team bases our success on how well we earn and maintain our customers’ trust. Every day, we protect the data of more than 650,000 businesses, including Xerox, Swiss Re, Continental, Constellation Energy, and Barclays.

Over half of the Fortune 500 trust Nitro. You can too.

Notre équipe

Nitro makes working with documents more efficient, more modern, and more secure. Our full-time team of information security experts is dedicated to gaining and maintaining your trust by keeping our information systems secure and your data protected.

Nitro security principles:

  • We are secure by design: Always on. Always reliable. Always secure.
  • All customer assets must be protected on a “need-to-know” and “least-privilege” basis.
  • Nitro security controls are pragmatic and risk-based.
  • Security is an integral part of the design, creation, and implementation of all Nitro components.
  • The tools we use support excellent security, reduce friction, and fit seamlessly into the way you work.
  • We meet and exceed our regulatory compliance obligations through strict observance of standards.

La sécurité par conception

Since we consider data security to be our number-one job and priority, we build security into each stage of the System Development Lifecycle for all Nitro products.

We follow industry best practices to transfer, process, and store customer data. All Nitro cloud–enabled features use state-of-the-art computing facilities that satisfy key industry standards, such as PCI DSS, HIPAA, and SOC. Our primary data center is in the EU in Frankfurt, Germany.

Nitro protects documents in motion and at rest with digital audit trails and SSL AES encryption. Through extensive logging and instrumentation, we monitor our production environment to audit security, availability, access, and other metrics for our services.

We use a combination of automated tools and manual inspection to ensure constant oversight of security events. For much of our cloud infrastructure, we use Amazon Web Services (AWS), which provides extensive documentation about their security practices here. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations. The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.

For a full list of Nitro certifications, including SOC 2 Type 2, HIPAA, and Privacy Shield, please click here.

Click here to see the latest security updates from Nitro »

Trust but verify

At Nitro, we test our platforms and products every day. We commission external industry experts to perform regular security audits and penetration tests of Nitro. These rigorous assessments ensure that our practices are not only up to date with current standards, but that we’ve also tested and fortified Nitro against the latest vulnerabilities identified by security professionals.


We go to great lengths to ensure no one sees or processes your data unless they’re authorized to do so—and we strictly limit exceptions. All employees are subject to background checks, and access to production servers is limited solely to engineers who need to work directly with our production systems.


  • SOC 2 Type 2


  • Privacy Shield
  • GDPR

eSignature regulations

  • UETA & E-Sign Act (U.S.)
  • eIDAS (E.U.)


  • NIST SP 800-53
  • ISO 27000 Suite
  • Center for Internet Security (CIS) Framework
  • Cloud Security Alliance (CSA) for Cloud Controls Framework

Nitro security features

  • Chain of Trust, digital signatures, and secure electronic signatures
  • Document redaction, whiteout, and metadata removal
  • Document permissions and password protection
  • Microsoft RMS 2.0 integration
  • 256-bit Advanced Encryption Standard (AES)
  • Document activity tracking and notifications
  • Secure user management

Equip your workers with the tools they need.