Trust & security
Privacy is the foundation, not the feature.
We design Natura Inc. so that your data stays yours: minimal collection, strict access, encrypted everywhere, audited continuously.
Compliance posture
GDPR: European Union
Swiss FADP: Switzerland
SOC 2: Certified
Google CASA: Tier 2, in review
How we protect your data
Defense in depth, by default.
Encryption at rest
All persisted data is encrypted with AES-256 using managed keys rotated on a regular schedule.
Encryption in transit
Every connection uses TLS 1.3 with strong cipher suites. We disable legacy protocols and weak ciphers across our infrastructure.
Least-privilege access
Production systems are gated behind SSO, hardware-key MFA, and just-in-time access controls. No standing admin credentials.
Audit logs
Critical actions on user data are logged, immutable, and retained for review. Logs are stored separately from the systems they observe.
Secure development lifecycle
Static analysis, dependency scanning, and code review on every change. Production deploys flow through automated checks.
Vulnerability management
Continuous monitoring, regular third-party penetration testing, and a clear remediation SLA based on severity.
Responsible disclosure
Found a vulnerability? Tell us first, in private.
We welcome reports from independent researchers. Send details, reproduction steps, and any proof-of-concept to security@natura.inc. We acknowledge within 72 hours and keep you updated through remediation.
Machine-readable disclosure policy (RFC 9116): /.well-known/security.txt.
Subprocessors
Who handles your data with us.
Updated: April 26, 2026
We rely on a small set of vetted subprocessors to operate the Services. Each is bound by a Data Processing Agreement and applicable safeguards for international transfers.
Questions about our security posture?
For audit reports, DPAs, or anything else, write to our security team. We respond within two business days.
security@natura.inc