Security
Our commitment to protecting your data and maintaining platform security
At PG:AI, security is fundamental to how we build and operate our platform. We implement comprehensive security measures to protect your data and ensure the reliability of our services.
Our Security Commitment
PG:AI was founded in 2024 with security as a core principle. We believe that trust is earned through transparency and consistent security practices, not just compliance checkboxes.
We are actively working with Drata to achieve SOC 2 certification, which we expect to complete within the next 6 months.
Security Framework
Defense in Depth
We employ multiple layers of security controls to protect your data:
Data Protection
Encryption at rest and in transit for all customer data
Access Control
Role-based access with multi-factor authentication options
Continuous Monitoring
24/7 monitoring of security events and automated alerting
Data Security
- Minimal Data Collection: We only collect essential user information (email and name)
- Secure Storage: All data is encrypted and stored with industry-leading providers
- Access Restrictions: Strict controls on who can access customer data
- Regular Reviews: Quarterly access reviews and security assessments
Compliance & Certifications
- Founded in 2024 with security-first principles
- Implementing industry best practices
- Regular internal security assessments
- Working with trusted security vendors
- Founded in 2024 with security-first principles
- Implementing industry best practices
- Regular internal security assessments
- Working with trusted security vendors
SOC 2 Type II Certification
- Partnering with Drata for compliance automation
- Expected completion within 6 months
- Will cover Security, Availability, and Confidentiality
Shared Security Model
Our Responsibilities
- Securing the platform infrastructure
- Protecting data at rest and in transit
- Maintaining application security
- Managing vendor security
- Incident response and monitoring
Your Responsibilities
- Managing user access to your account
- Using strong authentication methods
- Keeping credentials secure
- Reviewing user permissions regularly
- Reporting security concerns promptly
Security Features for Customers
Vendor Security
We carefully select and monitor all third-party services used in our platform. All vendors must meet our security requirements and sign appropriate data processing agreements.
View Subprocessors
See the complete list of third-party services we use
Security Best Practices
Enable MFA
Turn on multi-factor authentication for all user accounts
Regular Reviews
Review user access and permissions quarterly
Strong Passwords
Use unique, complex passwords for all accounts
Monitor Activity
Regularly check account activity for unusual behavior
Reporting Security Issues
If you discover a security vulnerability or have concerns about our security practices:
Please report security issues directly to [email protected] rather than through public channels. We take all security reports seriously and will respond promptly.
Additional Information
For detailed security documentation, audit reports, or specific security questionnaires, please contact our security team. We’re happy to provide additional information under NDA for enterprise customers evaluating PG:AI.