Security & Compliance

Our relationships with website visitors, customers, team members, and others.

Secure Hosting

AWS Hosting. Pano uses AWS in the United States as our external security hosting provider. AWS meets System and Organization (SOC II) standards verified by independent third-party examination reports demonstrating how the provider achieves key compliance controls and objectives. Please see the following website for further details on AWS compliance: https://aws.amazon.com/compliance/programs/.

Your Data is Your Data.

Data ownership. Your organization owns the submission data and file upload data. In EU Data Protection Law speak, your organization is the Controller. Pano will only access your data at your request. To protect your data from unauthorized access, we have logs with alerts set to notify us of suspicious activity.

Your organization may download your information or delete your information for our application at any time.

Authenticate Your Way

Passwordless Login. Instead of using a password (which can be insecure), Pano sends you a unique login code each time you access.

Industry Standard Encryption

Data at rest. All data is disk encrypted under AES-256.

Data in Transit. Data in transit is protected by TLS >=1.2 to provide end-to-end communication security

Data Backup and Replication

Data Backup. Pano is not to be used for data backup. For our purposes, we back up and replicate data as follows:

  • Nightly snapshots are taken of our application database cluster. These daily backups are stored for 14 days.
  • All data stored on our AWS S3 is replicated consistent from US-East Region to US-West Region with versioning enabled on all buckets replicated to another region.

Data backups are also encrypted using AES-256. If the data is replicated between regions, the data will be encrypted by AWS in addition to the file encryption and/or the client form encryption.

Security Monitoring

Logging. Our application will be configured for appropriate logging of activities to enable detection of security incidents. These incidents will be reviewed, and identified anomalies will be investigated for a possible compromise.

All logs activities are sent to a centralized logging infrastructure for audit purpose.

Security Testing

Internal Vulnerability Scans. Pano runs internal vulnerability scans quarterly.

External Vulnerability Scans. Pano has a PCI Approved Scanning Vendor (ASV) run external vulnerability scans quarterly.

Penetration Testing. Penetration testing for our application, network, and segmentation are run on a bi-annual basis by a third-party security vendor.

No External Testing. Since we have continuous scans and tests run by third-party vendors, Pano does not allow external testing of our environment, including performance testing.

Business Continuity/Disaster Recovery

Response Plan. Pano has a business continuity and disaster recovery plan that allows customers to continue to run our application in the unlikely event of an outage at AWS-US East.

Training

Annual Training. Our employees and contractors are provided with privacy and awareness training yearly and must pass a quiz each year.

Developer Training. Developers train annually on secure coding guidelines, avoiding common coding vulnerabilities, and understanding how sensitive data is handled.

Incident Response and Data Breach Response

Response Plan. Pano has documented Incident Response and Data Breach Response Plans, which outline the processes to respond to security events and incidents, and breaches of personal or protected data.

Pano's goal is to notify customers of an actual security incident within 24 hours after becoming aware of it.

Risk Management

Internal Risk. Our organization addresses cybersecurity risks in our risk management processes to identify critical assets, threats, and vulnerabilities.

Third-Party Risk. Pano performs risk-based due diligence on new and existing vendors to determine if the vendor is using appropriate technical controls and organization measures to protect data.

Privacy

Privacy Policy. Pano respects the privacy of our customers and the need for appropriate safeguards and protection of the personal information that our customers, employees, and contractors provide, including the data submitted using our products and services. Our Privacy Policy, which applies to the information that Pano processes (Customers, Website Visitors, Trial Users, Job Applicants) may be found at https://www.gopano.io/privacy

© 2024 Pano by Plain Sight Ventures
PrivacyTermsSecurity
Get demo