Security
Last updated: March 2026
Data protection is at the core of Nanga's architecture. This page describes the measures in place to ensure the security and confidentiality of processed information.
European hosting
All Nanga infrastructure is hosted within the European Union. The website is served by Vercel (EU infrastructure). Application data is stored on Supabase (EU hosting). No data is transferred outside the European Economic Area.
Encryption
All communications are encrypted in transit (TLS 1.2+). Data at rest is encrypted using AES-256 standards. Access keys are managed through secure environment variables, never stored in source code.
GDPR compliance
Nanga is designed in compliance with the General Data Protection Regulation (GDPR). Data processing is limited to the purposes described in the privacy policy. User rights (access, rectification, deletion, portability) are guaranteed and can be exercised at any time.
Access management
Access to data and production systems is restricted to authorized Nanga team members. Multi-factor authentication is required for all production environment access.
Sub-processors
Nanga uses a limited number of sub-processors, all bound by contractual confidentiality and security obligations compliant with the GDPR: Vercel (hosting), Supabase (database), Google Cloud Storage (Creative Benchmark media storage).
Contact
For any security-related question: security@nanga.tech