Security & Compliance

Enterprise-grade protection, built in from day one.

PhronEdge is designed to safeguard your organization’s most critical information. From identity management to data storage, security is the core of our architecture so you can innovate with confidence.


Core Security Practices

  • Encryption everywhere: AES-256 at rest, TLS 1.2+ in transit

  • Multi-tenant isolation: strict boundaries between customer data

  • OAuth 2.0 authentication only: secure sign-up and sign-in with Microsoft Teams, Slack, GitHub, Jira, and more. No passwords, no duplication

  • Principle of least privilege: minimal access granted across infrastructure

  • Secrets management: all keys and tokens stored securely via AWS KMS and Parameter Store


Identity & Access Management

  • OAuth 2.0 + SSO by default: your identity provider controls authentication

  • Role-based access controls (RBAC) for executives, managers, and team members

  • Admin dashboard with controls to invite, deactivate, and manage users

  • No local accounts: PhronEdge never stores user passwords


Operational Security

  • Continuous monitoring and audit logging with anomaly detection

  • Automated backups with disaster recovery policies

  • Regular vulnerability scanning and penetration testing roadmap

  • Incident response protocols aligned with industry best practices


Privacy & Data Handling

  • Your insights remain your property. We never sell or share data

  • Data retention: 30 days by default; extended retention available for enterprise plans

  • GDPR + CCPA readiness: honoring access, deletion, and portability requests

  • Data residency options: deploy in cloud, private VPC, or on-prem for enterprise customers


Compliance Roadmap

We are actively aligning with global standards and are on track toward recognized certifications:

  • SOC 2 Type I → SOC 2 Type II (on track)

  • ISO 27001 (on track)

  • HIPAA readiness (for healthcare customers)


Transparency & Trust

We believe in clear communication around security and compliance.

  • Security overview and architecture docs available under NDA

  • Dedicated security contact for compliance questions

  • Continuous investment in certifications and audits




Frequently Asked Questions

Do you store customer passwords?
No. PhronEdge never stores or manages user passwords. All authentication is handled securely through OAuth 2.0 and your identity provider (e.g., Microsoft, Slack, GitHub, Jira).

Where is my data hosted?
Your data is stored in secure, cloud-based environments with strict tenant isolation. Enterprise customers can choose deployment in our cloud, a private VPC, or on-premises.

How long do you keep customer data?
By default, data is retained for 30 days. Extended retention is available for enterprise plans. We honor GDPR and CCPA rights for access, deletion, and portability.

Do you sell or share customer data?
Never. Your insights remain your property. PhronEdge does not sell, rent, or share customer data with third parties.

© 2025 PhronEdge. All Rights Reserved
