Pallis is built secure from the first line — tenant isolation, encryption, and a full audit trail are part of the architecture, not add-ons bolted onto decades-old software. Your book is protected by how the platform is built, and you'll always know exactly where you stand.
Every tenant is separated at the data layer by row-level security — never co-mingled, never used to train another client's models. Isolation isn't a setting you configure; it's how the platform is built.
You always know exactly where you stand. Everything we tell you is verifiable; where a standard is still maturing, we name it plainly and show the timeline — no decoration, no fine print, no surprises six months in.
Model versions, data access, and configuration changes are recorded in an immutable, exportable trail — wired in by default, not opt-in. No black boxes.
API keys and access tokens live in an encrypted secrets vault. Postgres holds only an opaque reference — so a database is never a key store.
The controls below are live today, enforced at the platform layer — not configured per customer.
Certification validates security; it doesn't create it. The isolation, encryption, and audit controls a SOC 2 examiner looks for are live in Pallis today — formal attestation is the next milestone, on a defined path.
Security controls implemented; preparing for our first independent examination.
Extends Type I across a full observation window.
An accredited information-security management system.