Security at Nanaja

Infrastructure Security

• All infrastructure is hosted in Canadian data centres with physical access controls and 24/7 surveillance
• Network segmentation and micro-segmentation isolate customer workloads
• DDoS mitigation and web application firewall (WAF) protection on all ingress points
• Redundant power, cooling, and network connectivity across multiple availability zones

Data Protection

• Encryption at rest using AES-256 for all stored data
• Encryption in transit using TLS 1.3 for all communications
• Customer-managed encryption keys (CMEK) available for enhanced control
• Data never leaves Canadian borders — no cross-border replication or processing
• Automated backups with configurable retention policies

Access Controls

• Role-based access control (RBAC) with principle of least privilege
• Multi-factor authentication (MFA) enforced for all accounts
• SSO integration with SAML 2.0 and OIDC providers
• Comprehensive audit logging for all administrative actions
• Employee access to customer data is strictly controlled and audited

Monitoring and Incident Response

• 24/7 security monitoring with automated threat detection
• Incident response plan with defined escalation procedures and SLAs
• Regular penetration testing by independent third-party firms
• Vulnerability scanning and patch management on a continuous basis

Compliance and Certifications

We are actively pursuing industry certifications and maintain compliance with Canadian privacy regulations.

Responsible Disclosure

If you discover a security vulnerability, we encourage responsible disclosure. Please report findings to security@nanaja.ca. We commit to acknowledging reports within 24 hours and providing updates on remediation progress.