1 Overview
Perpetual Intelligence Corp. ("Perpetual Intelligence," "we," "us," or "our") recognizes that the security of our platform and the data entrusted to us by our customers is a matter of the highest organizational priority. We endeavor to maintain a comprehensive security program that is designed to help protect the confidentiality, integrity, and availability of our systems and customer information.
This page describes the types of security measures, data protection protocols, and infrastructure practices that we seek to maintain as part of our ongoing security program. The information provided here is intended to give customers and prospective customers a general understanding of our security posture. It is not exhaustive, and specific contractual security commitments applicable to particular customers or service tiers are governed solely by the applicable written agreement between Perpetual Intelligence and that customer.
Important Notice: No information security program or technology system can provide absolute guarantees against all threats. The measures described on this page represent our good-faith efforts to maintain a reasonable and commercially appropriate security program consistent with industry standards for enterprise software providers. We make no warranty, express or implied, that our security measures will prevent all unauthorized access, data loss, or security incidents.
Our security program is subject to ongoing review and enhancement. We reserve the right to modify our security practices at any time, and we may update this page to reflect material changes to our program.
2 Infrastructure Security
We endeavor to host our platform on reputable, enterprise-grade cloud infrastructure providers that maintain recognized security certifications. Our infrastructure practices are designed to support resilience, network isolation, and availability consistent with industry norms for cloud-delivered enterprise software.
Network Architecture
We seek to design our network architecture with isolation and segmentation in mind. This includes efforts to:
- Segregate production environments from development and staging environments
- Employ network-layer controls such as firewalls and access control lists to restrict unnecessary traffic
- Utilize private networking configurations where practicable to limit external exposure of internal services
- Deploy distributed denial-of-service (DDoS) mitigation measures at the network perimeter
Availability and Resilience
We endeavor to architect our platform with availability in mind, including the use of redundant infrastructure components and geographic distribution where operationally feasible. We maintain documented business continuity and disaster recovery plans that are periodically reviewed. However, we do not represent or warrant any specific uptime percentage or recovery time objective except as may be expressly set forth in a written service-level agreement with a specific customer.
Physical Security
Our platform infrastructure is hosted in data center facilities operated by third-party cloud providers. We rely on those providers to maintain appropriate physical security controls, including access restrictions, environmental controls, and surveillance measures consistent with their published security documentation and applicable certifications.
3 Data Protection
We implement data protection measures designed to help preserve the confidentiality and integrity of data processed through our platform. These measures are intended to reduce the risk of unauthorized access or disclosure, though no technical control can eliminate such risk entirely.
Encryption in Transit
We endeavor to encrypt data in transit between clients and our platform using industry-standard Transport Layer Security (TLS) protocols. We seek to maintain current TLS configurations and to deprecate older or less secure protocol versions in a timely manner as industry guidance evolves.
Encryption at Rest
We seek to encrypt sensitive customer data at rest using industry-standard encryption algorithms and key management practices consistent with recognized security frameworks. The specific implementation of encryption at rest may vary by data type, storage medium, and service tier.
Data Isolation
Our platform is designed with logical data separation mechanisms intended to help prevent one customer's data from being accessed by another customer. The specific isolation architecture applicable to a given deployment may vary depending on deployment model and contracted service configuration.
Data Retention and Deletion
We maintain data retention policies designed to limit the retention of customer data to periods reasonably necessary for service delivery and applicable legal obligations. Upon termination of a customer agreement, we endeavor to facilitate deletion or return of customer data in accordance with the terms of the applicable written agreement.
4 Access Controls
We endeavor to maintain access control practices designed to limit access to production systems and customer data to personnel with a legitimate business need. Our access control program includes the following types of measures, subject to ongoing review and refinement:
Principle of Least Privilege
We seek to apply the principle of least privilege in provisioning internal access to systems and data, limiting access rights to those reasonably necessary for each role or function. Access rights are subject to periodic review.
Authentication Standards
We endeavor to require multi-factor authentication (MFA) for internal access to production systems and privileged administrative functions. We seek to enforce strong credential requirements and to maintain processes for timely revocation of access upon personnel offboarding or role change.
Customer-Controlled Access
Our platform provides customers with administrative controls to manage user access within their own environments, including role-based access controls, user provisioning and deprovisioning capabilities, and audit logging of access events. Customers bear responsibility for the configuration and management of user access within their own accounts.
Third-Party Access
Where third-party vendors or contractors require access to our systems in connection with service delivery, we endeavor to extend access control and security requirements to such parties consistent with the nature and scope of their engagement.
5 Application Security
We seek to integrate security practices into our software development lifecycle and to maintain application security testing programs designed to identify and remediate vulnerabilities in a timely manner, consistent with industry standards for enterprise software development.
Secure Development Practices
We endeavor to provide security training to engineering personnel and to incorporate security considerations into our development and code review processes. We seek to maintain documented secure development guidelines and to apply them in the design and implementation of our platform features.
Vulnerability Assessment
We seek to conduct periodic vulnerability assessments and, where appropriate, engage qualified third parties to perform security testing of our platform. The scope, frequency, and methodology of such assessments are subject to change at our discretion. Findings from security assessments are reviewed and addressed through our internal vulnerability management process.
Dependency and Patch Management
We endeavor to monitor our software dependencies for known vulnerabilities and to apply security patches and updates in a timely manner consistent with the severity of identified vulnerabilities and our operational requirements.
Logging and Monitoring
We seek to maintain security logging and monitoring capabilities designed to support the detection of anomalous activity and potential security incidents. The scope and retention of security logs may vary by system and are subject to our internal security policies.
6 Organizational Practices
We recognize that technical controls alone are insufficient to maintain an effective security program. We endeavor to support our technical measures with organizational policies, personnel practices, and governance structures appropriate for an enterprise software company.
Security Policies and Governance
We seek to maintain documented information security policies covering areas such as acceptable use, incident response, access management, and data handling. These policies are subject to periodic review and update.
Personnel Security
We endeavor to conduct background screening for personnel in roles with access to production systems or sensitive customer information, consistent with applicable law and our internal policies. We seek to provide periodic security awareness training to relevant personnel.
Incident Response
We maintain an incident response program designed to support the detection, containment, investigation, and remediation of security incidents in a timely manner. In the event of a security incident that materially affects customer data, we endeavor to notify affected customers in accordance with applicable law and the terms of the applicable written agreement. The timing and scope of such notifications will be determined by the circumstances of the incident and applicable legal requirements.
Vendor Risk Management
We seek to assess the security practices of material third-party vendors whose products or services are integrated into our platform delivery. Our vendor risk management practices are designed to help identify and manage risks associated with third-party dependencies, though we do not represent or warrant the security practices of any third party.
7 Responsible Disclosure
Perpetual Intelligence values the contributions of security researchers and the broader security community in helping to identify potential vulnerabilities. If you believe you have identified a security vulnerability in our platform or systems, we encourage responsible disclosure.
Reporting a Vulnerability
Please report potential security vulnerabilities to our security team by email. When reporting, we encourage you to include:
- A description of the potential vulnerability and affected component
- Steps to reproduce the issue, where possible
- The potential impact or severity of the vulnerability
- Any supporting information, such as proof-of-concept code or screenshots
We request that you refrain from publicly disclosing a vulnerability until we have had a reasonable opportunity to investigate and, where appropriate, remediate the issue. We endeavor to acknowledge receipt of vulnerability reports promptly and to communicate with reporters regarding our investigation, though we cannot commit to specific response timelines or to implementing any particular remediation.
Security Contact:
Email: security@perpetual-intelligence.com
General Inquiries: sales@perpetual-intelligence.com
Scope and Limitations
Our responsible disclosure program does not constitute authorization to conduct security testing against our systems without prior written consent. Any testing conducted without such authorization may violate applicable law and our terms of service. We reserve all rights with respect to any unauthorized access to or testing of our systems.
We do not offer financial compensation for vulnerability reports at this time, and participation in any disclosure process does not create any obligation on our part to take specific action or to provide any form of compensation or recognition.