Security
Enterprise-grade security, built in
Your documents contain sensitive, high-value information. Gnan is architected with security at its core — not as an afterthought.
SOC 2 Type II
Independently audited security controls with annual recertification.
GDPR Compliant
Full compliance with EU data protection regulation requirements.
ISO 27001
Information security management system certified.
SOC 2 Type I
Design effectiveness of security controls verified.
Security Architecture
How we protect your data
Encryption at Every Layer
All documents and data are encrypted using AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed through a dedicated Key Management Service (KMS) with automatic rotation policies.
- AES-256 encryption at rest
- TLS 1.3 for all data in transit
- Automatic key rotation via KMS
- Client-side encryption option for Enterprise
Authentication & Access Control
Enterprise-grade authentication with support for SSO, SAML 2.0, and multi-factor authentication. Role-based access control ensures users only see what they're authorized to access.
- SSO via SAML 2.0 and OIDC
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- IP allowlisting and session management
Complete Data Isolation
Every organization's data is fully isolated at the infrastructure level. Your documents, models, and extracted data are never shared or accessible to other tenants.
- Dedicated database schemas per tenant
- Isolated processing pipelines
- No cross-tenant data access possible
- Separate encryption keys per organization
Flexible Deployment Options
Deploy Gnan in the environment that meets your compliance requirements — our managed cloud, your private cloud (AWS, Azure, GCP), or fully on-premises.
- Managed SaaS cloud deployment
- Virtual Private Cloud (VPC) hosting
- On-premises installation available
- Hybrid cloud configurations
Audit Logging & Monitoring
Comprehensive audit trails capture every action taken on the platform. Real-time monitoring and alerting ensure suspicious activity is detected immediately.
- Immutable audit logs for all actions
- Real-time anomaly detection
- Exportable compliance reports
- Integration with SIEM systems
Data Privacy & Governance
We do not use your documents to train AI models. Your data remains yours. Configurable retention policies and automated data lifecycle management keep you in control.
- No model training on customer data
- Configurable retention policies
- Right to deletion (GDPR compliant)
- Data Processing Agreements available
Infrastructure
Built on trusted infrastructure
Gnan runs on enterprise-grade cloud infrastructure with multi-region redundancy, automated failover, and continuous monitoring. Our platform is designed for 99.9% uptime with zero data loss.
Multi-Region Redundancy
Data is replicated across geographically distributed data centers for disaster recovery and low-latency access.
Automated Backups
Continuous backups with point-in-time recovery capabilities. Backup data is encrypted and stored in separate availability zones.
DDoS Protection
Built-in distributed denial-of-service protection with automatic traffic analysis and mitigation at the network edge.
Vulnerability Management
Regular penetration testing, automated dependency scanning, and responsible disclosure program for security researchers.
Have security questions?
Our security team is available to discuss your requirements, provide compliance documentation, or schedule a security review.