Security Overview
Learn more about Pylon's Security
Enterprise-Grade Security
Pylon is built for companies that take security seriously. We serve customers across financial services, healthcare, and enterprise software - industries where data protection isn't optional.
Compliance & Certifications
Pylon holds active SOC 2 Type II and ISO 27001:2022 certifications, with annual audits to ensure ongoing compliance. We're also GLBA and GDPR compliant, with HIPAA BAAs and Data Processing Agreements available upon request.
All compliance documentation, including our SOC 2 report and ISO 27001 certificate, is available at trust.usepylon.com.
AI Security
Pylon uses AI to power intelligent support features. We've built our AI infrastructure with enterprise security requirements in mind.
We maintain zero data retention agreements with all AI providers. Your data is never stored by third-party AI vendors and is never used to train AI models. Customer data is isolated at the request level and never commingled with other customers during processing. All AI API calls are encrypted using TLS 1.2+.
Infrastructure
Pylon is hosted on AWS infrastructure in the United States, leveraging AWS's SOC 2 and ISO 27001 certified environment. All data is encrypted using AES-256 at rest and TLS 1.2+ in transit. We perform daily encrypted backups and maintain network isolation through VPCs, network segmentation, and security groups.
Customer data is logically isolated at the database level. Your data is never accessible to other customers.
Data Retention & Deletion
Data retention is configurable within the platform. You can set auto-deletion policies or delete data on demand at any time.
Your data is permanently deleted when you request deletion through our team, when you delete your account, or after an extended period of account inactivity. Upon request, we can delete all your data within 72 hours.
Full data export is available via API for compliance and portability requirements.
Enterprise Security Features
For identity and access management, we support SSO via SAML 2.0 with providers like Okta, Azure AD, and Google Workspace. SCIM integration enables automated user provisioning and deprovisioning, and role-based access controls let you define granular permissions for your team.
For audit and compliance, Pylon provides comprehensive audit logs covering user activity and data access. Activity logs can be exported via API for integration with your SIEM.
Security Practices
We conduct annual third-party penetration tests and run continuous vulnerability scans with defined remediation SLAs. Access to all systems follows the principle of least privilege, with quarterly access reviews.
Pylon support personnel only access customer data when actively working on support tickets, and all access is logged. Employee access to customer data requires approval and is granted only for active support issues.
Availability
We monitor service health around the clock. Check our current status and uptime history at status.usepylon.com.
Vulnerability Disclosure
We maintain an active vulnerability disclosure program. Security researchers can report vulnerabilities to [email protected]. Visit https://www.usepylon.com/vulnerability-disclosure-policy for more details.
Subprocessors
Pylon uses industry-standard third-party services for cloud infrastructure, AI processing, payment processing, and analytics. For a complete list of subprocessors, visit usepylon.com/subprocessors.
Support
We respond to support requests within 24 hours. Enterprise customers have access to priority support with faster response times. Security issues receive immediate attention.
Frequently Asked Questions
Where is my data stored?
All data is stored in AWS data centers in the United States.
Is my data used to train AI models?
No. We have zero data retention agreements with all AI providers. Your data is never used to train or improve AI models.
How quickly can my data be deleted?
Upon request, we can delete all your data within 72 hours. Contact [email protected] for deletion requests.
Do you support security questionnaires?
Yes. Our SOC 2 Type II report is available under NDA at trust.usepylon.com, and we're happy to complete security questionnaires for prospective customers.
Contact
For security questions or to report a vulnerability, contact [email protected].
For compliance documentation and our SOC 2 report, visit trust.usepylon.com.

