Compliance
Data protection & controls
PantherIQ applies enterprise-grade safeguards across data protection, retention, encryption, and regional routing. Use this page as the canonical reference for your security and legal teams.
Data protection
Production data is processed in isolated VPCs with strict network ACLs. Operators use just-in-time access that expires after each maintenance window. All access is logged and reviewed weekly.
Retention & storage
Outcome artifacts remain for 180 days by default. Configure shorter windows per automation or request legal holds for audits. Backups replicate across three availability zones and are encrypted at rest.
Encryption & hashing
- Data at rest: AES-256 with automated key rotation managed via HSMs.
- In transit: TLS 1.2+ with perfect forward secrecy.
- Secrets: Hashicorp Vault plus envelope encryption for credentials.
SOC-style operational policies
Change management, vulnerability scans, and incident drills follow SOC 2 Type II controls. Reports are available under NDA. Production access requires MFA, device compliance, and change tickets tied to every action.
GDPR compliance
PantherIQ acts as a processor. We sign DPAs with standard contractual clauses, support data subject requests in under 30 days, and offer EU-only processing when requested.
Cross-region data flow
Data residency controls let you pin automations to US, EU, or APAC regions. Cross-region transfers require explicit approval and are logged with purpose, retention window, and authorized operator.