Security & Compliance
Last updated: January 30, 2026
PIOL Radar is built on enterprise-grade, SOC 2 Type II certified infrastructure. While we are not independently SOC 2 certified at this time, we leverage the security certifications of our infrastructure providers and implement rigorous application-level controls to protect your data.
Infrastructure Certifications
All core services powering PIOL Radar hold SOC 2 Type II certification, ensuring independent verification of security controls.
Application-Level Controls
Beyond infrastructure security, we implement comprehensive controls at the application layer.
Authentication & Access
- Multi-factor authentication (TOTP)
- Row-Level Security on all database tables
- Role-based access control with platform admin separation
- Secure session management with HTTP-only cookies
Data Protection
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- No personally identifiable information in application logs
- AI chat messages anonymized after 24 hours
- User data anonymized on account deletion
API Security
- Rate limiting on all endpoints
- Input validation with schema enforcement
- CORS restricted to application domains
- AI prompt sanitization to prevent injection attacks
Business Continuity
- Automated daily database backups with point-in-time recovery
- Edge network with automatic failover
- Stateless application architecture
- Uptime monitoring on critical endpoints
Data Residency
All data processing and storage occurs within US-based infrastructure. Payment card data is never stored by PIOL Radar — it is processed and vaulted exclusively by Stripe under PCI DSS Level 1 compliance.
Frequently Asked Questions
Is PIOL Radar SOC 2 certified?
Not yet. PIOL Radar is not independently SOC 2 certified at this time. However, all of our core infrastructure providers — Supabase, Vercel, OpenAI, and Stripe — hold SOC 2 Type II certification. We implement rigorous application-level security controls and plan to pursue our own certification in the future.
Where is my data stored?
All data is processed and stored within US-based infrastructure. Our database is hosted on Supabase (PostgreSQL) with encryption at rest (AES-256). Payment information is handled exclusively by Stripe and never touches our servers.
How is my data protected?
We use Row-Level Security (RLS) on every database table so users can only access their own organization's data. All traffic is encrypted with TLS 1.2+, and data at rest is encrypted with AES-256. AI chat conversations are automatically anonymized after 24 hours.
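An added illustration of the organization-scoped Row-Level Security described above, written against PostgreSQL/Supabase; it is not PIOL Radar's own schema or policy code. The memberships and projects tables are hypothetical, and auth.uid() is Supabase's helper that returns the calling user's id.

```sql
-- Constructed example: organization-scoped RLS on a PostgreSQL/Supabase table.
-- Hypothetical tables; auth.uid() is the Supabase helper for the caller's user id.

create table if not exists memberships (
  user_id         uuid not null,
  organization_id uuid not null,
  primary key (user_id, organization_id)
);

create table if not exists projects (
  id              uuid primary key default gen_random_uuid(),
  organization_id uuid not null,
  name            text not null
);

-- Enable RLS: with no policy defined, non-owner roles see zero rows (deny by default).
alter table projects enable row level security;
-- FORCE applies the policies to the table owner too, so an owner-role
-- connection cannot silently bypass them.
alter table projects force row level security;

-- One policy for select/insert/update/delete:
--   USING      filters rows the caller may read or modify;
--   WITH CHECK rejects inserts/updates that would move a row into another org.
create policy projects_own_org_only on projects
  for all
  using (
    organization_id in (
      select m.organization_id from memberships m where m.user_id = auth.uid()
    )
  )
  with check (
    organization_id in (
      select m.organization_id from memberships m where m.user_id = auth.uid()
    )
  );

-- Control check for "RLS on all database tables": every row returned here is
-- a table in the public schema that has RLS switched off and needs attention.
select c.relname as table_without_rls,
       c.relforcerowsecurity as forced
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

The final query is the kind of assertion to run in CI or a scheduled job, since a newly created table has RLS disabled until someone enables it.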
Do you support multi-factor authentication?
Yes. PIOL Radar supports TOTP-based multi-factor authentication, which you can enable in your account settings using any authenticator app.
Does PIOL Radar store my credit card information?
No. All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. PIOL Radar never stores, processes, or has access to your card details.
What happens to my data if I delete my account?
When you delete your account, your data is soft-deleted and personally identifiable information is anonymized. This ensures your data cannot be recovered or linked back to you.
Can I get copies of your providers' SOC 2 reports?
Yes. You can request SOC 2 audit reports directly from each provider's trust center. Links are provided in the Infrastructure Certifications section above, or contact us and we can assist.
How do you secure AI-generated content?
All AI prompts are sanitized to prevent injection attacks. AI processing is handled by OpenAI (SOC 2 Type II certified), and we do not use your data to train models. Chat messages are anonymized after 24 hours.
Security Inquiries
For security questions, to report a vulnerability, or to request detailed compliance documentation, please contact us.
admin@piol.ai