Nitro makes working with documents more efficient, more modern, and more secure. Our full-time team of information security experts is dedicated to gaining and maintaining your trust by keeping our information systems secure and your data protected.
Since we consider data security to be our number-one job and priority, we build security into each stage of the System Development Lifecycle for all Nitro products.
We follow industry best practices to transfer, process, and store customer data. All Nitro cloud–enabled features use state-of-the-art computing facilities that satisfy key industry standards, such as PCI DSS, HIPAA, and SOC. Our primary data center is in the EU in Frankfurt, Germany.
Nitro protects documents in motion and at rest with digital audit trails and SSL AES encryption. Through extensive logging and instrumentation, we monitor our production environment to audit security, availability, access, and other metrics for our services.
We use a combination of automated tools and manual inspection to ensure constant oversight of security events. For much of our cloud infrastructure, we use Amazon Web Services (AWS), which provides extensive documentation about their security practices here. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations. The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.
For a full list of Nitro certifications, including SOC 2 Type 2, HIPAA, and Privacy Shield, please click here.Click here to see the latest security updates from Nitro »
At Nitro, we test our platforms and products every day. We commission external industry experts to perform regular security audits and penetration tests of Nitro. These rigorous assessments ensure that our practices are not only up to date with current standards, but that we’ve also tested and fortified Nitro against the latest vulnerabilities identified by security professionals.
We go to great lengths to ensure no one sees or processes your data unless they’re authorized to do so—and we strictly limit exceptions. All employees are subject to background checks, and access to production servers is limited solely to engineers who need to work directly with our production systems.