SOC 2 Type II
Independent audit of security, availability, and confidentiality controls. Type II report available under NDA (audit in progress, Q3 2026).
Trust Center
Everything your security and procurement teams need — in one place.
Pegalio is built for regulated industries. This Trust Center lets your security, legal, and procurement teams self-serve the certifications, controls, and documents they need to clear vendor review — without waiting on a sales call. Sensitive artifacts are available under NDA.
Independent audit of security, availability, and confidentiality controls. Type II report available under NDA (audit in progress, Q3 2026).
Information security management system aligned to ISO/IEC 27001. Certification roadmap available on request.
Clear controller/processor roles, a ready DPA with SCCs, and data-subject-rights workflows.
TLS 1.3 in transit and AES-256 at rest. Encryption keys are managed in a dedicated KMS.
Choose US or EU hosting. Self-hosting keeps every byte inside your own infrastructure.
16 system roles, 50+ granular permissions, and an immutable audit log on every change.
Role-based access control with least-privilege defaults, mandatory MFA for administrative roles, and SSO via OIDC and SAML. Every privileged action is attributable to a named user in the audit log.
Data is encrypted in transit (TLS 1.3) and at rest (AES-256), with keys held in a managed KMS. Production is isolated from staging, and access is restricted, logged, and reviewed.
Continuous error and security monitoring, automated backups with tested restores, and a documented incident-response process with defined notification timelines.
Independent penetration testing on a regular cadence, dependency and vulnerability scanning in CI, and a public vulnerability-disclosure channel at [email protected].
Public documents are linked directly. Confidential artifacts are shared under NDA — email [email protected] and we respond within two business days.
Live component status, incident history, and uptime are published on our status page. Customer-impacting incidents trigger admin notifications within four hours of confirmation and a public post-mortem within five business days.
Need a security questionnaire completed or a document under NDA? Email [email protected].