Security
How we keep your data safe.
Security at Pondral is engineered, audited, and documented, not a checklist on a marketing page.
Posture
- GDPR / CCPA: designed for compliance; DPA available on request for paid plans
- Encryption: at rest and in transit
- Access: least-privilege, audit-logged
Encryption
All data is encrypted in transit with TLS 1.3 and at rest with AES-256, managed by our infrastructure providers (Supabase and Vercel). Customer data is logically isolated per workspace with row-level security.
Access controls
- SSO via SAML, Google, and Microsoft (Agency plans)
- Role-based access control with audit logs
- Least-privilege production access, audit-logged
Incident response
If we confirm a security incident affecting your data, we notify affected customers without undue delay and within 72 hours of confirmation. We run an internal post-incident review and share a summary with affected customers on request.
For full vendor-review packages, see /compliance. Vulnerability disclosure: security@pondral.com.
Last updated June 2026