Trust Centre
Security is our product, not just our promise.
Pennrows is built for organisations that demand enterprise-grade security from their vendors. Below is an overview of our practices, certifications, and commitments.
Infrastructure
Hosted on AWS with SOC 2 Type II certification. All data encrypted at rest with AES-256 and in transit with TLS 1.3. Multi-region redundancy and automated failover.
Application Security
Regular penetration testing and dependency scanning. Role-based access control (RBAC) with five distinct roles. SSO available on Business and Enterprise plans.
Data Handling
Ephemeral code processing: repositories are cloned into isolated containers for the duration of a scan and purged immediately afterwards. No raw source code is ever stored. Strict tenant isolation.
Compliance
SOC 2 Type II and ISO 27001 certified. GDPR and CCPA compliant. Compliance dashboards map findings to SOC 2, ISO 27001, and OWASP Top 10 controls.
Incident Response
24-hour notification commitment for confirmed data breaches. Dedicated security team with defined escalation paths. Incident response playbooks tested annually.
Responsible Disclosure
We welcome security researchers. Report vulnerabilities to security@pennrows.com. We provide safe harbour for good-faith research and acknowledge researchers in our hall of fame.