Security & Compliance

Security and data protection are foundational to how we design, deploy, and operate our platform.

Platform Security

Pyze implements industry-standard security controls to protect customer data.

Data Protection

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (where applicable)
  • Logical data isolation between customers

Access Control

  • Role-based access control (RBAC) with granular, role-aware permissions
  • Single sign-on (SAML) and automated provisioning (SCIM) via your identity provider
  • Row- and column-level scoping, so each role sees only the data it should
  • Least-privilege principles and secure authentication mechanisms

Monitoring & Logging

  • System activity logging
  • Monitoring for anomalous behavior
  • Incident detection and response processes

Deployment Flexibility

Pyze supports multiple deployment models, including deployment inside the customer's own environment for full data sovereignty:

  • Pyze-hosted SaaS environments
  • Customer-managed deployment within your own cloud (GCP) — Pyze runs where your data already lives

This is what lets Pyze operate in the most regulated industries — banking and financial services, government and public sector, and life sciences — where consumer-grade analytics tools cannot. It allows customers to:

  • Maintain full control over data residency, with no behavioral data leaving the customer boundary
  • Mask PII at the point of capture — telemetry, not screen recordings (see Data Privacy & Consent)
  • Meet strict InfoSec and regulatory requirements

Data Processing Model

  • Customers retain full control over their data
  • Pyze operates as a data processor or subprocessor
  • Data is processed solely to deliver the Services

Pyze does not sell or use customer data for advertising purposes.

The Pyze Data Processing Agreement is available here: Data Processing Addendum

Compliance Framework

Pyze aligns with industry-standard practices, including:

SOC 2 Type II Compliant

SOC 2 Type II Compliant

Pyze maintains SOC 2 Type II compliance with regular audits and continuous monitoring of security controls.

Data Governance & AI Guardrails

Pyze is built to be governed and transparent — including how its AI features operate:

  • Warehouse-native SQL transparency — analysis runs against a governed model you can inspect, with no opaque black box
  • A governed semantic layer underpins every metric, so numbers are consistent and auditable
  • The Ask-the-Data copilot and analyst agents show the query they ran, and operate only within the user's permitted scope
  • Agent access via the Pyze MCP server is scoped and governed — agents see only what their role allows

Subprocessors

Pyze uses trusted third-party providers for:

  • Cloud infrastructure
  • Monitoring and support

A current list of subprocessors is available here: Subprocessors

Incident Response

Pyze maintains incident response procedures to:

  • Detect and respond to security incidents
  • Notify customers in a timely manner
  • Mitigate and remediate risks

Security Reviews

Pyze regularly:

  • Reviews security controls and conducts SOC 2 audits
  • Updates infrastructure and dependencies
  • Performs internal assessments
  • Conducts third-party penetration tests

Contact & Security Inquiries

For security or compliance questions:

security@pyze.com