Security & Compliance
Security and data protection are foundational to how we design, deploy, and operate our platform.
Platform Security
Pyze implements industry-standard security controls to protect customer data.
Data Protection
- Encryption in transit (TLS 1.2+)
- Encryption at rest (where applicable)
- Logical data isolation between customers
Access Control
- Role-based access control (RBAC) with granular, role-aware permissions
- Single sign-on (SAML) and automated provisioning (SCIM) via your identity provider
- Row- and column-level scoping, so each role sees only the data it should
- Least-privilege principles and secure authentication mechanisms
Monitoring & Logging
- System activity logging
- Monitoring for anomalous behavior
- Incident detection and response processes
Deployment Flexibility
Pyze supports multiple deployment models, including deployment inside the customer's own environment for full data sovereignty:
- Pyze-hosted SaaS environments
- Customer-managed deployment within your own cloud (GCP) — Pyze runs where your data already lives
This is what lets Pyze operate in the most regulated industries — banking and financial services, government and public sector, and life sciences — where consumer-grade analytics tools cannot. It allows customers to:
- Maintain full control over data residency, with no behavioral data leaving the customer boundary
- Mask PII at the point of capture — telemetry, not screen recordings (see Data Privacy & Consent)
- Meet strict InfoSec and regulatory requirements
Data Processing Model
- Customers retain full control over their data
- Pyze operates as a data processor or subprocessor
- Data is processed solely to deliver the Services
Pyze does not sell or use customer data for advertising purposes.
The Pyze Data Processing Agreement is available here: Data Processing Addendum
Compliance Framework
Pyze aligns with industry-standard practices, including:
- GDPR (General Data Protection Regulation)
- SOC 2-aligned security practices
SOC 2 Type II Compliant
Pyze maintains SOC 2 Type II compliance with regular audits and continuous monitoring of security controls.
Data Governance & AI Guardrails
Pyze is built to be governed and transparent — including how its AI features operate:
- Warehouse-native SQL transparency — analysis runs against a governed model you can inspect, with no opaque black box
- A governed semantic layer underpins every metric, so numbers are consistent and auditable
- The Ask-the-Data copilot and analyst agents show the query they ran, and operate only within the user's permitted scope
- Agent access via the Pyze MCP server is scoped and governed — agents see only what their role allows
Subprocessors
Pyze uses trusted third-party providers for:
- Cloud infrastructure
- Monitoring and support
A current list of subprocessors is available here: Subprocessors
Incident Response
Pyze maintains incident response procedures to:
- Detect and respond to security incidents
- Notify customers in a timely manner
- Mitigate and remediate risks
Security Reviews
Pyze regularly:
- Reviews security controls and conducts SOC 2 audits
- Updates infrastructure and dependencies
- Performs internal assessments
- Conducts third-party penetration tests
Contact & Security Inquiries
For security or compliance questions: