Welcome to our
Trust Center
Security information available
Product Security
Role-Based Access Control
✅
Single Sign-On (SSO)
✅
Audit Logging
✅
Data Security
✅
OWASP Standard
✅
Infrastructure Security
Physical Security
✅
ZTNA / VPN
✅
Load Balancers
✅
TLS/SSL Support
✅
Least Privilege Principle
✅
Data Security
Encryption at-rest
✅
Encryption in transit
✅
Password Hashed (Argon2id)
✅
Data remains only in sever environment
✅
Application Security
Secure SDLC
✅
Code Reviews
✅
Secret Detection
✅
Code Analysis
✅
Container Scanning
✅
Dependency Scanning
✅
Security Vulnerabilities
✅
Privacy and Data Management
Secure Data Storage
✅
Data Handling
✅
Data Minimization
✅
Data Storage
✅
Data at Termination
✅
Reports
Network Diagram
✅
Architecture Diagrams
✅
Penfield App Architecture
✅
Pentest Report
✅
Access Control
Data Access
✅
Logging
✅
Password Security
✅
Monitoring and Logging
✅
Corporate Security
Email Protection
✅
Employee Training
✅
Incident Response
✅
Endpoint Security
✅
Endpoint Security
✅
MFA
✅
Security Grades
Qualys SSL Labs
✅
Policies
Acceptable Use Policy
✅
Access Control Policy
✅
Information Security Policy
✅
Legal & HR
Privacy Policy
✅
Background Check
✅
Support
Customer Support
✅
SLA
✅
FAQ Security
Focus: How you protect the platform from attacks.
A: All data is hosted on secure, enterprise-grade cloud servers provided by [Insert Provider, e.g., Amazon Web Services (AWS) / Google Cloud Platform]. Our servers are located in data centers in [Insert Region, e.g., North America] which adhere to ISO 27001 and SOC 2 Type II standards.
A: Yes. We encrypt data both in transit (using TLS 1.2 or higher) and at rest (using AES-256 encryption). This ensures that your information is unreadable to unauthorized parties whether it is being sent to us or stored in our database.
A: Yes, we conduct regular vulnerability scans and engage third-party security experts to perform penetration tests [Insert Frequency, e.g., annually] to identify and resolve potential security risks.
Â
A: We never store passwords in plain text. All user passwords are hashed and salted using industry-standard algorithms (e.g., bcrypt) before being stored.
Focus: Who owns the data and how it is used.
A: You do. We act as a data processor. We do not claim ownership of your content, student data, or intellectual property. You may export or delete your data at any time.
A: No. We have a strict policy against selling user data. We only share data with trusted sub-processors (like our hosting provider or email service) necessary to deliver the service to you.
A: Yes, we are committed to compliance with major privacy regulations including GDPR (Europe) and CCPA (California). If you need to exercise your Right to be Forgotten or request a Data Processing Agreement (DPA), please contact our privacy team.
Â
Focus: Official standards you meet.
A: Yes. We design our platform to support compliance with FERPA (Family Educational Rights and Privacy Act). We do not collect unnecessary personal information from students under 13, and we provide schools with the control required to manage parental consent in accordance with COPPA.
A:Â We align our internal controls with SOC 2 standards and use SOC 2 certified infrastructure providers (like AWS/Azure) to ensure the highest level of security.
Focus: Keeping the site online and backing up work.
Â
A: We perform automated backups [Insert Frequency, e.g., daily]. In the unlikely event of data loss, we can restore the system to a previous state to minimize impact.
A: We strive for a 99.9% uptime. You can view our real-time system status and historical uptime data on our [Link to Status Page].
A: We have a Disaster Recovery (DR) plan in place that includes data redundancy. If our primary data center goes offline, we can failover to a backup region to restore service quickly.
Â
Focus: How to get sensitive documents.
A: Sensitive documents (such as penetration test summaries or audit reports) are available upon request. Please click the “Request Access” button. You may be required to sign a digital NDA before downloading.
