Trust & Security

Access Control & Authentication

• Strict access controls with unique SSH keys for production databases
• Unique account credentials required for all application access
• Mandatory multi-factor authentication (MFA) for remote access
• Encrypted connections enforced across all environments

Data Protection & Privacy

• All customer data encrypted at rest and in transit
• Secure protocols for all information transmitted over public networks
• Stringent data retention and disposal policies
• Secure deletion following best practices and regulatory requirements

Monitoring & Incident Response

• Continuous monitoring via intrusion detection systems
• Log management tools for early breach detection
• Robust incident response policies with regular testing
• Rapid and effective response procedures

Governance, Risk & Compliance

• Comprehensive risk management program
• Regular control self-assessments
• Third-party penetration testing performed
• Adherence to industry security best practices
• Cybersecurity insurance maintained
• Mandatory security awareness training for all employees and contractors

Who can access your data

Internal access to customer data follows a strict least-privilege model. Only authorized personnel with a documented business need can access production data, and all access is logged and audited. We never access your data without a support reason — and we'll tell you when we do.

Your data, your exit

You own your data at all times. If you leave Naro, we provide a full data export and permanently delete your data from our systems within 30 days of offboarding. No lock-in, no lingering copies.

Business continuity & recovery

We maintain a documented business continuity and disaster recovery plan with regular testing. Data is backed up continuously, with point-in-time recovery capabilities. Our infrastructure is designed for redundancy so that disruptions don't become your problem.