Security & Compliance
How NNSFlow protects your data and ensures evidence integrity for regulatory requirements.
Evidence Integrity
Technical measures that ensure your evidence is tamper-proof.
Content Hashing
Every evidence snapshot is hashed using SHA-256 at capture time. This cryptographic hash is stored alongside the content, allowing verification that the evidence has not been modified.
Immutability Enforcement
Once a screening is completed, evidence records are locked at the database level. Database triggers prevent any UPDATE or DELETE operations on completed evidence. This is technical enforcement, not policy.
Decision Snapshot
The tool configuration at decision time (keywords, site filters, search parameters) is frozen alongside the evidence. This prevents "different settings" arguments in audits.
Annotations Separate from Evidence
Post-completion notes are stored in a separate annotations table. The original evidence remains untouched. Annotations can be added but cannot alter the underlying record.
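The three controls above (hash at capture, trigger-enforced immutability, separate annotations) can be sketched together as follows. This is an added example, not NNSFlow's code: it uses SQLite, and the table, column and trigger names are hypothetical, since the page does not state the product's database or schema.

```python
import hashlib
import sqlite3

# Hypothetical schema: names are assumptions, not NNSFlow's actual tables.
SCHEMA = """
CREATE TABLE evidence (id INTEGER PRIMARY KEY, content TEXT NOT NULL,
    sha256 TEXT NOT NULL, status TEXT NOT NULL DEFAULT 'draft');
CREATE TABLE annotations (id INTEGER PRIMARY KEY,
    evidence_id INTEGER NOT NULL REFERENCES evidence(id), note TEXT NOT NULL);
CREATE TRIGGER evidence_no_update BEFORE UPDATE ON evidence
WHEN OLD.status = 'completed'
BEGIN SELECT RAISE(ABORT, 'completed evidence is immutable'); END;
CREATE TRIGGER evidence_no_delete BEFORE DELETE ON evidence
WHEN OLD.status = 'completed'
BEGIN SELECT RAISE(ABORT, 'completed evidence is immutable'); END;
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def capture(db, content):
    """Hash the snapshot at capture time and store the digest beside it."""
    digest = hashlib.sha256(content.encode("utf-8")).hexdigest()
    cur = db.execute("INSERT INTO evidence (content, sha256) VALUES (?, ?)",
                     (content, digest))
    return cur.lastrowid

def complete(db, evidence_id):
    # Allowed once: OLD.status is still 'draft' when the trigger evaluates.
    db.execute("UPDATE evidence SET status = 'completed' WHERE id = ?",
               (evidence_id,))

def verify(db, evidence_id):
    """Recompute SHA-256 over the stored content and compare to the digest."""
    content, stored = db.execute(
        "SELECT content, sha256 FROM evidence WHERE id = ?",
        (evidence_id,)).fetchone()
    return hashlib.sha256(content.encode("utf-8")).hexdigest() == stored

def try_write(db, sql, params):
    """Return True if the statement ran, False if the database rejected it."""
    try:
        db.execute(sql, params)
        return True
    except sqlite3.DatabaseError:
        return False
```

A digest stored in the same row only detects changes made without recomputing it, so auditors typically also want the digest recorded somewhere the evidence writer cannot modify.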
Data Handling
What We Store
- Evidence snapshots: Full extracted text content from sources reviewed during screening
- Source metadata: URLs, titles, domains, timestamps
- User decisions: Decision type, reasoning, decision timestamp, user attribution
- Configuration snapshot: Keywords, filters, and settings used at decision time
- Audit logs: User actions, access records, decision logs
What We Don't Store
- Raw HTML or JavaScript from source pages
- Images, videos, or other media files
- Data from sources not explicitly reviewed
Data Retention
Completed Screenings
Evidence snapshots and audit logs for completed screenings are retained for 10 years from the decision date. This aligns with Swiss AML documentation requirements.
Retention period is configurable for enterprise deployments.
Abandoned Investigations
Draft or abandoned screening investigations (never completed) are automatically purged after 90 days. This prevents accumulation of incomplete work.
Investigations can be manually deleted before this period.
Scheduled Retention Jobs
Retention is enforced by scheduled jobs. Abandoned investigations are purged automatically; deletion of expired evidence is reviewed by an administrator and logged in the audit chain.
Logged Deletion
Every deletion event (automated purge or administrator action) is recorded in the audit log with timestamp, actor, and authorisation context.
Regulatory Alignment
Designed around the documentation standards expected by Swiss and European regulators.
Swiss nFADP (New Federal Act on Data Protection)
Data processing is purpose-bound (AML due diligence only), proportionate (only storing what's needed for evidence), and documented (full audit trail). Processing purpose is explicitly stated in evidence records.
GDPR Article 6
The legal basis for processing is (c) legal obligation (AML/KYC requirements) and (f) legitimate interest (risk assessment documentation). Evidence snapshots represent the factual basis for compliance decisions.
FINMA Requirements
Designed to meet FINMA expectations for traceability, reproducibility, and auditability. Evidence snapshots allow exact reconstruction of what was reviewed at decision time.
Important Clarification
NNSFlow does not perform continuous monitoring. Evidence is collected only in response to explicit screening actions initiated by compliance officers. This is point-in-time due diligence, not surveillance.
Deployment Security
Cloud (SaaS)
- HTTPS encryption in transit
- Encryption at rest for stored data
- Authentication via Keycloak (OIDC)
- Role-based access control
- Regular security updates
On-Premise (Docker)
- Full deployment within your infrastructure
- Data never leaves your network
- Integration with existing identity providers
- Control over backup and recovery
- Containerized (Docker Compose)
Access Control
| Role | View Evidence | Complete Investigation | Export | Admin |
|---|---|---|---|---|
| LoD1: Front Office | | | | |
| LoD2: Compliance | | | | |
| LoD3: Audit (Read-only) | | | | |
| Administrator | | | | |
Every permission in this matrix is fully customizable per role. All access to evidence is logged. Admins can only delete expired evidence, not active records.
Frequently asked questions
What procurement, security, and compliance teams ask before signing.
Is data encrypted at rest and in transit?
In transit, yes. The reverse proxy enforces TLS 1.2 and 1.3 with ECDHE and AES-GCM cipher suites. At rest, third-party integration credentials (API keys for sanctions providers, search APIs, etc.) are stored encrypted with AES-256-GCM. Broader storage encryption depends on the underlying database and object-storage configuration; on-premise deployments inherit the customer's disk and storage encryption controls.
Where is my data stored?
On-premise is the only deployment available today: all data stays within the customer's infrastructure and never leaves the customer's network. The planned Cloud SaaS (launch date to be announced) will host data on dedicated bare-metal servers in OVH's Roubaix (France) data centre: EU jurisdiction, GDPR-aligned, with no shared multi-tenant compute. The data processing register and any cross-border details will be shared during procurement.
Is NNSFlow ISO 27001 or SOC 2 certified?
Not currently. Independent certifications are on the roadmap. Until then, security controls and architecture are documented and reviewed with prospective customers during procurement on a case-by-case basis. The product itself is built around the technical controls Swiss compliance audits emphasise: tamper-evident evidence, retention enforcement, role-based access, and audit logging.
Can NNSFlow be deployed entirely on our infrastructure?
Yes. On-premise deployment via Docker Compose is available on the Enterprise plan. The full stack runs inside the customer's environment and supports air-gapped or no-egress network segments. Data never leaves the customer's network in this mode. Technical detail on what we test before each on-prem release is in our blog post on air-gapped deployment.
Do you use sub-processors? Where are they?
When Cloud SaaS launches, yes. The planned sub-processor list (covering infrastructure, transactional email, and payments) will be shared on request during procurement and will form part of the contractual documentation reviewed by the customer's data protection team. On-premise deployments use no NNSFlow-managed sub-processors; all processing happens inside the customer's infrastructure.
How do you handle GDPR data subject requests?
AML retention requirements (typically 10 years under AMLA Article 7) take precedence over the right to erasure under Article 17 GDPR and Article 31 nFADP, where the legal-obligation justification ground applies. AMLA Article 10a (suspicious activity report confidentiality) is respected. Specific data-subject access requests are coordinated case-by-case during the engagement and reflected in the contractual data-protection annex.
Questions about security?
For detailed security documentation or to discuss specific compliance requirements, contact our team.