Hi Mikel,
See: https://docs.mendix.com/refguide/nanoflows/
The documentation states:
The following actions interact with the database:
Therefore, the best practice is to use nanoflows in online applications when they do not contain the above actions.
Furthermore:
6 Security
Nanoflows are executed in the context of the current user. Any operation for which the user is unauthorized will fail. For instance, when objects are retrieved in a nanoflow, only the ones for which the current user has read access will be returned. Committing an object only succeeds when the current user has write access for all changes.
Best regards
Jan