
Security & data handling at PCNshark.

A practical, honest look at how we handle customer data, what's live today, and what we're building toward as the product matures.

Last updated: May 4, 2026
Posture: Early-stage · building toward SOC 2-aligned controls
Contact

Where we are

We're not currently certified under SOC 2, ISO 27001, GDPR, CCPA, or HIPAA. The page below describes how we handle data today and the security capabilities we're actively building. If you're evaluating PCNshark for a team that requires more, write to us at security@pcnshark.com.
01 Overview

PCNshark takes a practical, security-conscious approach to protecting customer data as we build the product.

We are early-stage, but security, data handling, and access control are being designed into the product from the beginning.

02 Data handling

  • Customer data is used to provide PCN monitoring, extraction, matching, search, alerts, and related workflows.
  • We do not sell customer data.
  • Uploaded BOMs, PCNs, PDFs, and related files are processed only to operate and improve the service.
  • Customer workspaces are designed around tenant-level separation.
03 Infrastructure security

  • Encryption in transit
  • Access-controlled storage
  • Modern cloud infrastructure
  • Source PDF retention for reviewability
  • Activity history for important user and system actions
04 Internal access controls

  • Internal access to production systems is limited to authorized personnel.
  • Access is granted based on business need.
  • Administrative access is reviewed as the company grows.
  • We follow least-privilege principles where practical.
05 Security capabilities we are building toward

The table below reflects the current state of capabilities we're working on. We use plain status labels — "in progress," "planned," and "early access" — rather than implying these are all live today.

Capability                         Status
Role-based access control          In progress
Audit logs                         In progress
SSO / SAML / OIDC                  Planned
SCIM provisioning                  Planned
API and webhook access controls    Early access
SOC 2-aligned controls             In progress

06 Compliance posture

PCNshark is not currently claiming SOC 2, ISO 27001, GDPR, CCPA, HIPAA, or other formal compliance certification.

We are building toward SOC 2-aligned controls and will expand our compliance posture as customer needs mature.

07 Security reviews and DPA

  • Security questionnaires are supported on request for qualified team and enterprise evaluations.
  • A Data Processing Addendum (DPA) may be available on request for enterprise customers.
08 Responsible disclosure

If you believe you found a security issue, contact security@pcnshark.com.

Please include:

  • Description of the issue
  • Steps to reproduce
  • Potential impact
  • Your contact information
09 Contact

For security, vendor review, or data handling questions, contact security@pcnshark.com.
