Privacy & Cookies

This page explains how a Nano instance running inside your organization handles data and cookies.

What Nano Stores

• Account and session data: name, email, session identifiers, and profile information needed to sign you in and keep the session active.
• App data: entity rows and fields defined by your admins, such as clients, tickets, events, or imported spreadsheet data.
• Files and images: optional attachments stored in the Nano’s configured storage folders.
• Operational signals: minimal logs and health information when your admins enable them for reliability and support.

Cookies

Nano uses small, scoped cookies to support authentication, CSRF protection, and a better user experience. Without them, sign-in and some protected flows will not work correctly.

Your cookie-banner choice is remembered locally for 30 days.

Security In Brief

• HTTPS: Nanos are meant to run over TLS inside your own environment.
• Access control: page routes, APIs, app access, and admin behavior are enforced server-side.
• Sessions and CSRF: Nano uses signed session cookies and CSRF tokens for browser-based writes.
• Local control: data stays in your environment unless your admins connect external services.

Your Choices

• Profile: update your name, avatar, and other allowed profile data.
• Data access: request corrections or deletion according to your organization’s policies.
• Cookies: clear them in your browser if you want to remove remembered choices or sessions.

For Administrators

• Data ownership: your organization owns the entity schemas and the content stored in them.
• Configuration: manage credentials, SSO options, and settings through `config.json` and the Settings pages.
• External services: review any connectors that move data outside your network.

This summary is provided for clarity and ease of understanding. It is not legal advice.