Security & Privacy

Your data never leaves your secure environment.

PanOps is built from the ground up on a zero-access architecture. The privacy guarantee is architectural — not contractual.

Encryption & Access

Security Architecture

Every component of PanOps is designed around a single principle: the platform should be incapable of accessing your data, not merely contractually prohibited from doing so.

Encryption at Rest
Customer-Managed Keys
All data stored in your secure environment is encrypted using keys generated and managed within your environment. PanOps holds no decryption keys and has no mechanism to decrypt your data at rest.
Encryption in Transit
No Unencrypted Traversal
All data in motion is encrypted via TLS 1.2 or higher. No communications data or query content traverses the public internet unencrypted at any point in the PanOps pipeline.
Access Control
Zero-Access Architecture
PanOps provisions and manages your environment — but retains no ongoing access to the data inside it. Access to communications archives, query history, and inference results is architecturally inaccessible to PanOps personnel.
Key Management
Customer-Managed, Customer-Controlled
Encryption keys are generated within your secure environment and remain there. Key rotation is under your control. PanOps has no key material — not for initial provisioning, not for ongoing access, not under any circumstances.
Privacy

Employee Consent

PanOps requires explicit employee consent before capturing any communications. Consent is not implicit, not system-wide by default, and not irrevocable.

Consent Framework

Employees know what is captured. They agree to it. They can revoke it.

Every employee enrolled in PanOps completes an explicit consent flow that presents a plain-language description of which platforms are connected, what data categories are captured, and who can query it. Consent is recorded per employee per channel and stored in your cloud environment. Employees can revoke consent at any time — their data will be excluded from future ingestion. Administrators can also revoke on behalf of any employee. No communications data is ingested for any employee who has not completed enrollment.

Isolation

Data Isolation Architecture

There is no shared infrastructure between PanOps customers. Each deployment is fully contained within a single secure environment.

One Environment Per Customer
Dedicated Cloud Account
Every PanOps customer runs in their own cloud account and environment. There are no shared databases, shared compute clusters, or shared storage buckets between customers. Data bleed between customers is architecturally impossible.
Storage Isolation
Row-Level Security
Within your environment, row-level security (RLS) is enforced at the storage layer to prevent unauthorized data access across different organizational boundaries — including between different employee scopes within the same deployment.
Boundaries

What PanOps Does Not Do

These are not policy commitments. They are architectural limitations. PanOps cannot do these things — not merely will not.

  • Access or read inference data — queries sent to Signal, or the responses generated, are never transmitted outside your environment
  • Log queries — no query history or prompt content is stored in PanOps systems
  • Store conversation history outside your environment — persistent memory lives in your environment only
  • Share data with third parties — no communications data, query content, or organizational intelligence is sent to any third-party service
  • Call external AI model APIs — no third-party inference API (commercial or otherwise) is used at any stage in the pipeline
  • Access your environment without your credentials — ongoing access to your secure environment requires credentials that only you hold
Honest Disclosure

PanOps is not a SOC 2 certified provider at this stage. We are in design partner mode, working with a small number of organizations to validate the architecture in production. Design partner customers should evaluate the architecture independently and should not rely solely on PanOps representations about security. We will pursue formal certification as the product matures. We believe in being direct about where we are.

Understand how the intelligence model is designed.Self-hosted architecture, zero external transmission, and isolated compute — in full technical detail.

View Model Specifications
Deployment
Runs entirely within your own cloud environment, which is provisioned and managed by PanOps. No data ever leaves your infrastructure.
Intelligence Model
PanOps-hosted AI model — deployed and managed inside your cloud environment. By design, no customer communications data is transmitted to any external service or third-party API.
CEO Signal™ Interface
Ask any question about your organization. Receive answers sourced from real communications.