Security is at the forefront of everything we do at Pathlight – we take security very seriously. This is not just about securing our customers, it is also about securing our platform and our customers’ data. It is everyone’s role at Pathlight to make sure we are as secure as possible.
Our service runs 100% on Amazon Web Services’ highly secured data centers which have several certifications, including SOC II, PCI DSS, and HIPAA. We deploy and maintain best practices to secure that infrastructure including network and data security, and customer data segregation.
By default, Pathlight does not store any data from our customers' integrated systems. The only data we store are the aggregated performance metrics and any related metadata. Combined with our advanced sync schema controls, the vast majority of PII never touches our servers.
Pathlight Enterprise customer’s data is siloed in their own single-tenant data warehouse and Virtual Private Cloud. Customers have the option of fully owning and controlling their VPC.
As a customer-first organization, we are committed to not breaking trust with our prospects, customers, or business partners by publicly releasing information about their data, their security, their vulnerabilities, or any proprietary information without their consent. We take the confidentiality of that information seriously.
From stringent employee recruiting and onboarding to office security, access privileges, and infrastructure change management, we ensure industry best practices are being followed by every team member, every day.
We believe in the responsible disclosure of vulnerabilities to our service and will reply to all reported vulnerabilities.