Effective 2026-03-31 · v1.1

Privacy Policy

Privacy Policy

Effective: March 31, 2026

This Privacy Policy describes how nano, LLC ("Nano", "we", "us", or "our") collects, uses, and protects your information when you use the Nano platform ("Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address — for account identification and communication.
  • Password — stored using industry-standard hashing (never in plain text).
  • Organization details — company name and team information you provide during onboarding.
  • Billing information — payment details processed securely through Stripe; we do not store full credit card numbers.

Log Data

When you use the Service, your systems transmit security log data to Nano for analysis. This log data may contain:

  • System events, network traffic metadata, authentication events, and application logs.
  • IP addresses, hostnames, usernames, and other identifiers present in your logs.
  • Any other data your configured log sources transmit to the Service.

You are responsible for ensuring that log data sent to Nano does not contain information you are prohibited from sharing, and that you have the necessary rights and consents to transmit such data.

Usage Analytics

We automatically collect:

  • Service usage data — features used, queries run, dashboards viewed, and alert interactions.
  • Device and browser information — browser type, operating system, and screen resolution.
  • IP address and approximate location — for security, rate limiting, and analytics.
  • Cookies and similar technologies — see Section 7 below.

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service — process and analyze your log data, generate alerts, and power AI-driven triage.
  • Improve the Service — analyze usage patterns, identify bugs, and develop new features.
  • Communicate with you — send account notifications, security alerts, product updates, and respond to support requests.
  • Process payments — manage subscriptions and billing through our payment processor.
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access.
  • Comply with legal obligations — respond to lawful requests from authorities and comply with applicable laws.

3. AI and Data Processing

The Service uses artificial intelligence and large language models (LLMs) to analyze log data and provide alert triage. In connection with AI features:

  • Your log data may be processed by AI models to generate insights and recommendations.
  • We may use third-party AI providers (such as Anthropic or OpenAI) to process queries. When third-party providers are used, data is transmitted securely and subject to our data processing agreements with those providers.
  • AI providers are contractually prohibited from using your data to train their models.
  • We may use aggregated, anonymized data to improve our AI models and the Service.

4. Third-Party Services

We share information with the following categories of third-party service providers:

Provider Purpose Data Shared
Stripe Payment processing Billing info
Resend Transactional email Email, name
Cloud infra Hosting and compute Log data (encrypted)
AI/LLM providers Alert analysis and triage Log data excerpts

Cloud infrastructure providers include Rackspace, Hetzner, AWS, GCP, Civo, Vultr, and DigitalOcean. The specific provider(s) used for your deployment depend on your selected region and tier. All log data is encrypted at rest and in transit.

We do not sell your personal information to third parties.

5. Data Retention

  • Account data — retained for the duration of your account, plus 30 days after deletion to allow for recovery.
  • Log data — retained according to your subscription tier's retention limits. After expiration, log data is permanently deleted within 30 days.
  • Usage analytics — individual usage data is aggregated and anonymized within 90 days of collection. Aggregated data is retained for up to 24 months.
  • Billing records — retained as required by applicable tax and financial regulations.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

GDPR (European Economic Area)

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate personal data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request restricted processing of your data.
  • Objection — object to processing based on legitimate interests.

CCPA (California)

  • Know — request disclosure of personal information collected about you.
  • Delete — request deletion of your personal information.
  • Opt-out — opt out of the sale of personal information (we do not sell personal information).
  • Non-discrimination — exercise your rights without discriminatory treatment.

To exercise any of these rights, contact us at . We will respond within 30 days (or as required by applicable law).

7. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies — required for authentication, session management, and security. Cannot be disabled.
  • Analytics cookies — help us understand how the Service is used. Can be disabled in your browser settings.

We do not use third-party advertising cookies or cross-site tracking. Where required by applicable law (e.g., GDPR), non-essential cookies are not set until you provide consent. You may withdraw consent at any time by clearing your browser cookies or adjusting your cookie preferences.

8. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption — all data is encrypted in transit (TLS 1.2+) and at rest.
  • Access controls — role-based access controls and principle of least privilege for internal systems.
  • Credential storage — cloud provider credentials are encrypted at rest using AES-256.
  • Infrastructure security — hosted on SOC 2-compliant cloud infrastructure with regular security assessments.
  • Monitoring — continuous monitoring of our systems for unauthorized access and anomalies.

While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately and we will delete it.

10. International Data Transfers

Your data may be processed in countries other than your own. When transferring data internationally, we use appropriate safeguards including Standard Contractual Clauses (SCCs) and ensure adequate protection as required by applicable data protection laws.

11. Data Breach Notification

In the event of a security breach that affects your personal data or log data, we will:

  • Notify affected customers within 72 hours of discovering the breach, via the email address associated with your account.
  • Describe the nature of the breach, including the categories of data affected and the approximate number of records involved.
  • Outline the measures taken to address the breach and mitigate potential harm.
  • Provide guidance on steps you can take to protect yourself.
  • Notify relevant supervisory authorities as required by applicable law (e.g., GDPR Article 33).

We maintain an incident response plan and conduct regular security assessments to minimize the risk and impact of data breaches.

12. Data Processing Agreement

For business customers subject to GDPR or other data protection regulations that require a Data Processing Agreement (DPA), Nano offers a standard DPA that covers:

  • The scope and purpose of data processing.
  • Technical and organizational security measures.
  • Sub-processor obligations and disclosure.
  • Data subject rights and assistance.
  • Data deletion and return upon termination.

To request a copy of our DPA or execute a signed agreement, contact us at .

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last Updated" date at the top indicates when the policy was last revised.

14. Contact

For questions about this Privacy Policy, to exercise your data rights, or to request a Data Processing Agreement, contact us at:

  • Email:
  • Address: nano, LLC, 1 West St, Unit #2038, Danbury, CT 06810, United States