Security is our product.
Transparency is our promise.
We hold ourselves to the same rigorous standards we enforce for our clients. Here is how we protect your data and earn your trust.
Encryption Everywhere
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed through hardware security modules (HSMs) with automatic rotation policies.
Zero-Plaintext Architecture
Sensitive data is never stored in cleartext at any layer of our stack. Credentials, tokens, and personally identifiable information are encrypted, hashed, or tokenized before persistence.
Zero-Trust Access Control
Every request is authenticated and authorized. We enforce least-privilege access across all internal systems, with mandatory multi-factor authentication and short-lived session tokens.
Continuous Security Testing
We conduct regular penetration tests, automated vulnerability scanning, and code reviews. Our CI/CD pipeline includes static analysis (SAST), dynamic analysis (DAST), and dependency auditing.
Incident Response
Our incident response procedures are aligned with the NIST Cybersecurity Framework. We maintain a documented IR playbook with defined escalation paths, communication protocols, and post-incident review processes.
Infrastructure Security
Our infrastructure runs on hardened, isolated environments with network segmentation, intrusion detection, and real-time monitoring. All infrastructure changes are version-controlled and peer-reviewed.
How We Handle Your Data
Data Collection
We collect only the minimum data necessary to deliver our Services. We do not sell, rent, or trade your personal information to third parties. See our Privacy Policy for full details.
Data Residency
Your data is processed and stored within secure, SOC 2-audited data centers in the United States. Cross-border transfers are governed by Standard Contractual Clauses (SCCs).
Data Retention
We retain data only as long as necessary for the purposes described in our Privacy Policy. When data is no longer needed, it is securely deleted using cryptographic erasure or multi-pass overwrite methods.
Data Portability
You can request a full export of your data at any time in a machine-readable format. We support data deletion requests within the timeframes required by GDPR and CCPA.
Responsible Disclosure
We value the security research community and welcome responsible disclosure of vulnerabilities. If you discover a security issue affecting PerimeterOne, please report it to us so we can address it promptly.
We aim to acknowledge reports within 24 hours and provide an initial assessment within 72 hours.
Live Defense Test
See PerimeterOne in action. This button simulates an unauthorized access attempt against our own perimeter. Watch how P1 Guardian responds in real time.