zantiq.byNomina
FeaturesPricingDocs
LoginTry Demo
zantiq.byNomina

Agentic QA for product flows that need real browser context, inboxes, SMS, credentials, and evidence.

Product

  • Features
  • Pricing
  • API Reference
  • Changelog

Company

  • About
  • Nomina
  • Blog
  • Careers
  • Contact

Legal

  • Privacy
  • Terms
  • Security
© 2026 Zantiq by Nomina. All rights reserved.

How we keep things locked down

Zantiq by Nomina manages tester credentials, inboxes, SMS, and browser state. That's sensitive stuff. Here's how we handle it.

Encrypted end to end

TLS 1.3 in transit. AES-256 at rest. API keys bcrypt-hashed. We don't cut corners on crypto.

SOC 2 providers

Our infrastructure runs on Vercel and Neon — both SOC 2 Type II compliant. We audit regularly.

Isolated by design

Every tester's credentials are encrypted with their own key. No customer can access another's data.

Infrastructure

The platform runs on Vercel's edge network with built-in DDoS protection and a global CDN. Our database is Neon's serverless PostgreSQL — automated backups, point-in-time recovery, encryption at rest. We picked providers who take security as seriously as we do.

Data protection

Every API call is encrypted with TLS 1.3. Data at rest uses AES-256. We store API key hashes, never the raw keys. Tester credentials — passwords, tokens, OAuth secrets — are encrypted with per-tester keys. Stripe handles all payment data; we never touch card numbers. Test data is deleted 90 days after a tester is terminated.

Identity security

Tester identities are the most sensitive thing in Zantiq by Nomina. Each tester's identity components — email, phone, social accounts — live in isolated environments with unique encryption keys. There's no way for one customer's testers to see another's data. When you terminate a tester, credentials are destroyed within 24 hours.

Access controls

Authentication is OAuth 2.0 only — we never store passwords. API keys have optional expiration and instant revocation. Rate limits are enforced per plan. Dashboard sessions time out after 24 hours of inactivity. Every admin action is logged.

Found something?

If you've found a vulnerability, email security@zantiq.io. We'll respond within 48 hours. Please don't disclose publicly until we've had a chance to fix it. We don't have a formal bounty program yet, but we'll credit anyone who helps us improve.

Compliance

Our providers (Vercel, Neon, Stripe) maintain SOC 2 Type II compliance. We're working toward our own SOC 2 certification. We handle GDPR requirements for EU customers and offer data processing agreements on request. Reach out to compliance@zantiq.io.