Security & Compliance

Pingd takes security seriously. This page details our security architecture, data handling practices, and compliance posture.

Data Architecture

Encryption

  • In transit: All data is encrypted using TLS 1.3
  • At rest: AES-256 encryption for all stored data
  • Database: Hosted on Supabase with row-level security (RLS) policies
  • Connector credentials: All external connection configurations (database passwords, API keys, OAuth tokens) are encrypted before storage — credentials are never stored in plaintext

Data Isolation

Each organization's data is logically isolated:
  • Row-level security ensures no cross-org data access
  • API calls are scoped to the authenticated user's organization
  • Agent queries only access data within the user's policy scope
  • External connections are scoped per-organization — one org cannot access another's connectors

Data Residency

  • Primary data storage: US (AWS us-east-1)
  • Contact us for EU data residency options (Enterprise plan)

Row-Level Security (RLS)

Pingd enforces RLS at the database level on all sensitive tables. This means even if application logic has a bug, the database itself prevents unauthorized access.

Tables protected by RLS:
  • copilot_api_keys — API keys scoped to the owning organization
  • external_connections — Data source credentials and configurations
  • external_tables — Discovered table schemas and mappings
  • slack_workspace_connections — Slack workspace-to-org mappings
  • agent_data_policies — Policy rules scoped to the owning organization
  • external_query_logs — Query audit trail scoped per-org
  • All existing tables (organizations, profiles, insights, etc.)

Every query to these tables is automatically filtered by organization_id, enforced at the Postgres level.

Access Controls

Authentication

  • Email/password with bcrypt hashing
  • OAuth via Google and Microsoft
  • Two-factor authentication (TOTP) available
  • SSO via SAML 2.0 (Enterprise plan)

API Key Authentication

For programmatic access (e.g., the Copilot API), Pingd uses API keys:
  • Keys are SHA-256 hashed before storage — the raw key is shown once at creation and never stored
  • Each key has a key_prefix (first 8 characters) for identification without exposing the full key
  • Keys are scoped to a specific organization via org_id
  • Keys support is_active toggle and optional expires_at for time-limited access
  • last_used_at is tracked for auditing
  • Authentication uses Bearer token in the Authorization header

API keys are managed at Admin → API Keys in the dashboard.
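
The key-handling rules listed above, sketched as an added example (this is not Pingd's own code). The in-memory KEYS store, the key_hash field name and the pgd_ key format are assumptions; the remaining field names follow the list above.

```python
import hashlib
import secrets
from datetime import datetime, timezone

# Constructed in-memory stand-in for the key table, indexed by SHA-256 digest.
# "key_hash" and the "pgd_" key format are assumptions; other fields are the page's.
KEYS = {}


def _digest(raw_key):
    return hashlib.sha256(raw_key.encode()).hexdigest()


def issue_key(org_id, expires_at=None):
    """Create a key, persist only its hash and prefix, return the raw key once."""
    raw_key = "pgd_" + secrets.token_urlsafe(32)
    KEYS[_digest(raw_key)] = {
        "key_prefix": raw_key[:8],  # shown in the dashboard to identify the key
        "key_hash": _digest(raw_key),
        "org_id": org_id,
        "is_active": True,
        "expires_at": expires_at,  # timezone-aware datetime or None
        "last_used_at": None,
    }
    return raw_key


def authenticate(authorization, now=None):
    """Return the org_id for a valid 'Bearer <key>' header, otherwise None."""
    now = now or datetime.now(timezone.utc)
    scheme, _, raw_key = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not raw_key:
        return None
    record = KEYS.get(_digest(raw_key.strip()))  # lookup by hash, never by raw key
    if record is None or not record["is_active"]:
        return None
    if record["expires_at"] is not None and now >= record["expires_at"]:
        return None
    record["last_used_at"] = now  # audit field from the page
    return record["org_id"]
```

Because only the digest is stored, a lost key cannot be recovered from the table; it has to be revoked and reissued.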

Authorization

Multiple layers of access control:
  1. Role-based — Owner, Admin, Member roles control feature access
  2. Policy-based — Data access policies control data visibility (see Data Access Policies)
  3. Row-level — Database RLS enforces access at the Postgres layer
  4. Org-scoped — All resources (connections, policies, keys) are isolated per organization

Session Management

  • JWT-based session tokens via Supabase Auth
  • Configurable session timeout
  • Automatic token refresh
  • Session revocation on password change

External Data Source Security

Credential Storage

When you connect an external data source (Snowflake, S3, Salesforce, Redshift, PostgreSQL), your credentials are:
  • Encrypted before being stored in the connection_config_encrypted field
  • Never logged or included in error messages
  • Only decrypted at query time in server-side memory
  • Scoped to your organization — no other org can access your connection

Connection Types & Auth Methods

Source      | Authentication
Snowflake   | Username/password + account identifier
Amazon S3   | AWS access key + secret key
Salesforce  | OAuth 2.0 with automatic token refresh
Redshift    | Username/password via PostgreSQL protocol
PostgreSQL  | Username/password + SSL

Query Security

  • All queries pass through the policy engine before reaching your data source
  • Row-level filters are injected into every query automatically
  • Query logs are maintained for audit purposes in external_query_logs
  • The agent never has direct database access — all queries go through the Pingd API

AI & LLM Security

Data Usage

  • Your data is never used to train AI models
  • Queries are processed in real-time and not retained by AI providers
  • We use enterprise AI APIs with data processing agreements

Prompt Security

  • Input sanitization prevents prompt injection
  • System prompts are server-side only (not visible to users)
  • Guardrails prevent the agent from revealing sensitive configuration

Response Filtering

  • PII detection in responses
  • Configurable blocked topics
  • Rate limiting per user

Audit Trail

All significant actions are logged:

  • User logins and logouts
  • Data access queries (including which connector was used)
  • Configuration changes
  • Policy modifications
  • API key creation and revocation
  • External connection changes
  • User management actions (invites, role changes, removals)

Access the audit log at Settings → Security → Audit Log.

Audit logs are:

  • Immutable (cannot be modified or deleted)
  • Retained for 2 years
  • Exportable as CSV for compliance reviews

Compliance

SOC 2 Type II

Our architecture is designed to meet SOC 2 Type II requirements:
  • Access controls and authentication
  • Data encryption at rest and in transit
  • Audit logging and monitoring
  • Incident response procedures
  • Change management processes

SOC 2 certification in progress — contact us for our current security questionnaire.

GDPR

For organizations with EU users or data:
  • Data processing agreement (DPA) available
  • Right to deletion supported
  • Data export available
  • EU data residency option (Enterprise plan)

CCPA

California Consumer Privacy Act compliance:
  • Data inventory and mapping
  • Deletion requests honored within 30 days
  • No sale of personal information

Incident Response

In the event of a security incident:

  1. Detection — Automated monitoring and alerting
  2. Containment — Immediate isolation of affected systems
  3. Notification — Affected organizations notified within 72 hours
  4. Remediation — Root cause analysis and fix deployment
  5. Review — Post-incident review and process improvement

Security Questionnaire

Need to complete a vendor security assessment? Contact security@pingd.io — we have pre-completed questionnaires for common frameworks (SIG, CAIQ, VSAQ).

Pro Tip: For enterprise security requirements (SSO, IP allowlist, custom data retention, dedicated infrastructure), contact sales@pingd.io for our Enterprise plan.

See also: Data Access Policies · Admin Guide · Organization Settings