Trust & Security

Last updated: March 2026

Security Posture

Encryption

All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. Encryption keys are managed with rotation policies.

Infrastructure

Hosted on enterprise cloud infrastructure with geographic redundancy. Infrastructure access is limited to operations personnel via privileged access management.

Access Controls

Role-based access control enforced at all service layers. Multi-factor authentication required for all internal systems. Least-privilege principle applied throughout.

Compliance

Pre-launch Certifications in progress — documentation available upon request

SOC 2 Type II

Audit planned — Q3 2026

GDPR

EU data processing agreements available. Data residency options for EU customers.

ISO 27001

Roadmap item — timeline on request

Penetration Testing

Annual third-party penetration tests. Reports available under NDA for enterprise customers.

Enterprise Features

Roadmap Available on enterprise plans — contact us for timeline

SSO / SAML

Single sign-on via SAML 2.0 or OIDC. Integration with Okta, Azure AD, and Google Workspace.

RBAC

Role-based access control at the project and organization level. Custom roles with granular permissions available on enterprise tier.

Audit Logs

Immutable audit logs for all user actions and data access events. Exportable for SIEM integration.

Data Handling

Storage

Customer project files are stored in isolated, encrypted storage buckets. Cross-customer data access is not possible by design.

Retention

Project data is retained for the duration of your subscription. Data deletion is available on request and is executed within 30 days.

Training Use

Customer project data is never used to train AI models. Your site data belongs to you.

Common Procurement Questions

Does PVX.AI have a DPA (Data Processing Agreement)?

Yes. A standard DPA is available for enterprise customers and is required for EU data processing arrangements. Contact us at [email protected].

Where is our project data stored?

Data is stored in US-East (AWS) by default. EU data residency is available for enterprise customers upon request.

Can we get a security questionnaire completed?

Yes. Contact our team and we'll work with your security team directly. We can complete standard questionnaire formats (CAIQ, SIG, custom).

Who has access to our files?

Access is restricted to the users in your organization. PVX.AI support engineers can access files only with your explicit written permission for troubleshooting purposes.

Need detailed security documentation for your procurement process?

Request Security Documentation