SOC 2 Type II
Audit in progress (Q3 2026). Controls for access, change, and monitoring.
Company · Security
SOC 2, GDPR-ready, RBAC, and data residency.
We built Pegalio for regulated industries from day one. SOC 2 Type II in progress, GDPR with DPA and subprocessors list, and self-host for teams that don't ship data outside.
Audit in progress (Q3 2026). Controls for access, change, and monitoring.
Ready DPA, subprocessors list, EU data residency on Business+.
16 system roles, 50+ permissions, audit log on every CUD operation.
OIDC, SAML, and mandatory MFA for admin roles.
TLS 1.3 in transit, AES-256 at rest. Keys held in KMS.
Full feature parity with hosted. Docker image for AWS/GCP/on-prem.
Pegalio engages the following third parties to deliver the service. Customers can subscribe to subprocessor change notifications via [email protected].
Email [email protected] to request these documents under NDA. We respond within 2 business days.
Found a security issue? Email [email protected]. We acknowledge reports within 24 hours and target fixes for critical issues within 7 days. We don't pursue legal action against good-faith research conducted under our disclosure policy.
Customer-impacting incidents trigger an in-app status banner, an email to workspace admins within 4 hours of confirmation, and a public post-mortem on /status within 5 business days.