Security

Protecting your data is fundamental to how we build and operate PnotL. This page describes the security measures we implement across our platform.

Infrastructure

PnotL runs on Google Cloud Platform with data stored in EU (London) and US regions. All infrastructure is provisioned with Infrastructure as Code and undergoes regular security scanning.

Encryption

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted using AES-256. Database connections use encrypted channels.

Authentication & Access

User authentication is handled by VE-ID, our identity platform. We support email/password with PBKDF2 hashing. Internal access to production systems requires MFA and is logged.

Data Isolation

Every customer's data is isolated at the database level using row-level security policies. API endpoints enforce tenant isolation on every request. Background jobs are scoped to individual tenants.

AI Processing

Specialist runs are processed by Anthropic Claude. Your input data is not used to train models. Run data is retained per your plan's retention period and then permanently deleted.

Compliance

We comply with UK GDPR, the EU AI Act, and standard data protection regulations. A Data Processing Addendum (DPA) is available for customers who require it.

Vulnerability Reporting

If you discover a security vulnerability, please report it to security@viableenough.com. We aim to acknowledge reports within 24 hours.