Specifications — Overview

Encryption

Your data is encrypted at rest and in transit. The encryption key lives in your own AWS account — giving you a structural kill switch that doesn't depend on trusting PanOps. This is a privacy guarantee by architecture, not by policy.

← Back to Specifications

Encryption at Every Layer

All customer data stored by PanOps — database records, email archives, video recordings, transcripts — is encrypted using AES-256 at rest. All data in transit between PanOps services, and between your browser and PanOps, is protected with TLS 1.2 or higher. The encryption key is customer-managed and lives in your own AWS account.

At Rest
AES-256 via Customer-Managed KMS
Aurora and S3 encrypted with AES-256 via your own AWS KMS key, in your own AWS account. PanOps can encrypt and decrypt to run the service — but cannot delete or disable your key.
In Transit
TLS 1.2+
All data in transit between PanOps services, and between your browser and PanOps, is protected with TLS 1.2 or higher. No unencrypted transport paths.

The Encryption Guarantee

Each customer receives a dedicated AWS sub-account containing their data and their KMS key. PanOps is granted only two KMS permissions: kms:Encrypt and kms:Decrypt. PanOps does not have kms:DeleteKey, kms:DisableKey, or any administrative key permissions.

Every time PanOps uses your key to encrypt or decrypt data, that API call is logged in CloudTrail - inside your AWS account, not ours. You can see exactly when and how often your key was used, and you can verify PanOps never performed administrative key operations.

“This key lives in your AWS account. We can encrypt and decrypt to run the service, but we cannot delete or disable it. Every time we use it, it is logged in your CloudTrail that you control - not ours.”

What the Kill Switch Means in Practice

Because your KMS key lives in your AWS account, you can disable or delete it from your own AWS console at any time - no notice to PanOps required, no contractual process, no waiting. Once the key is disabled, PanOps's decrypt calls immediately fail and we can no longer read any of your data. Your data remains in your S3 bucket and Aurora instance, encrypted, inaccessible to anyone without the key.

  • Disable key → PanOps cannot read your data immediately
  • Re-enable key → service resumes with no data loss
  • Delete key → data is permanently inaccessible to everyone (including you)
  • No PanOps action required - entirely within your control
View full technical specifications →
Deployment
Runs entirely within your own cloud environment, which is provisioned and managed by PanOps. No data ever leaves your infrastructure.
Intelligence Model
PanOps-hosted AI model — deployed and managed inside your cloud environment. By design, no customer communications data is transmitted to any external service or third-party API.
CEO Signal™ Interface
Ask any question about your organization. Receive answers sourced from real communications.