Last updated: May 13, 2026

Security

At PantoSource ("Company," "we," "us," or "our"), security is foundational to how we build and operate our Services. This page describes the technical and organizational measures we implement to protect Personal Data and Customer Data entrusted to us.

Quick Summary

  • Encryption: TLS 1.2+ in transit, AES-256 at rest

  • Access Controls: Role-based access, multi-factor authentication, least-privilege principles

  • Infrastructure: Hosted on industry-leading cloud providers in the United States

  • Monitoring: Continuous logging, alerting, and security assessments

  • Incident Response: Documented procedures with 72-hour breach notification

  • Contact: Report security issues to security@pantosource.com

  1. Data Encryption

1.1 Encryption in Transit

All data transmitted between Customers, end-users, and our Services is encrypted using TLS 1.2 or higher. This includes API calls, dashboard access, and webhook deliveries.

1.2 Encryption at Rest

Personal Data and Customer Data stored on our infrastructure is encrypted at rest using AES-256 encryption.

1.3 Key Management

Encryption keys are managed using industry-standard key management services with rotation, access logging, and separation from encrypted data.

  2. Access Controls

2.1 Role-Based Access Control (RBAC)

Access to systems and data is granted based on job function and the principle of least privilege. Employees are granted only the access necessary to perform their responsibilities.

2.2 Multi-Factor Authentication (MFA)

All administrative access to production systems requires multi-factor authentication.

2.3 Access Reviews

We periodically review user access rights to ensure that access remains appropriate. Access is revoked promptly when no longer needed.

2.4 Audit Logging

Access to production systems and Personal Data is logged. Logs are retained and monitored for unauthorized or unusual activity.

  3. Infrastructure Security

3.1 Cloud Hosting

Our Services are hosted on industry-leading cloud infrastructure providers in the United States. These providers maintain physical security controls including:

  • 24/7 monitored access controls

  • Biometric authentication for facility entry

  • Environmental controls (fire suppression, climate control, power redundancy)

  • Compliance with major standards (e.g., SOC 2, ISO 27001)

3.2 Network Security

We implement multiple layers of network security including:

  • Firewalls and network segmentation

  • DDoS protection

  • Intrusion detection and prevention systems

  • Virtual private cloud (VPC) isolation

3.3 Application Security

Our applications are built with security best practices, including:

  • Secure software development lifecycle (SDLC)

  • Code reviews and static analysis

  • Regular dependency updates and vulnerability scanning

  • Protection against common vulnerabilities (e.g., OWASP Top 10)

  4. Data Backup and Recovery

4.1 Backups

We maintain regular backups of Customer Data to enable recovery in the event of system failure or data loss.

4.2 Disaster Recovery

We have documented disaster recovery and business continuity plans designed to minimize service disruption and data loss.

  5. Monitoring and Incident Response

5.1 Continuous Monitoring

We maintain continuous monitoring of our systems for security events, performance issues, and unauthorized activity. Alerts are escalated to on-call personnel as appropriate.

5.2 Incident Response Plan

We maintain a documented incident response plan that includes:

  • Detection and analysis

  • Containment and eradication

  • Recovery and lessons learned

  • Communication with affected parties

5.3 Breach Notification

In the event of a Personal Data breach, we will notify affected Customers without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach, in compliance with applicable laws.

  6. Employee Security

6.1 Background Checks

Where permitted by law, we conduct background checks on employees with access to sensitive systems or data.

6.2 Security Training

All employees receive security and data protection training upon hire and annually thereafter.

6.3 Confidentiality

All employees and contractors are bound by confidentiality obligations.

  7. Vendor Security

We assess the security practices of our vendors and Sub-processors before engagement, and require them to maintain data protection standards consistent with our own. See our Sub-processors page at https://pantosource.com/sub-processors for details.

  8. Compliance

8.1 Data Protection Laws

We design our Services and security practices to comply with applicable data protection laws, including:

  • The EU General Data Protection Regulation (GDPR)

  • The UK GDPR

  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • Other U.S. state privacy laws (Colorado, Connecticut, Virginia, Utah, and others)

8.2 Certifications

We are working toward formal certifications including SOC 2 Type II. Updates will be reflected on this page as they become available.

  9. Customer Responsibilities

Security is a shared responsibility. To help protect your account and data, we recommend:

  • Using strong, unique passwords for your PantoSource account

  • Enabling multi-factor authentication where available

  • Limiting and reviewing user access regularly

  • Reporting suspicious activity to security@pantosource.com

  10. Reporting Security Issues

If you discover a security vulnerability or suspect a security incident, please report it to:

Email: security@pantosource.com

We appreciate responsible disclosure and will work with researchers to verify, address, and acknowledge legitimate findings.

  11. Contact

For general security inquiries:

Address: 2333 Brickell Ave D1 #36, Miami, FL 33129

Email: security@pantosource.com

For privacy-related inquiries: privacy@pantosource.com