Enterprise-Grade Security

pmkit is built with security and governance at its core. Your data is protected by industry-leading practices and transparent controls.

Draft-Only Architecture

pmkit never writes directly to your systems. All outputs are proposals that require explicit approval before any action is taken.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys and credentials are stored in secure vaults.

Audit Logging

Every tool call, job run, and data access is logged with full traceability. Export audit logs for compliance and review.

Role-Based Access Control

Fine-grained RBAC ensures users only access data they need. Simulate permissions before deployment.

SSO & OAuth

Enterprise SSO integration with Google and Microsoft. No passwords stored; authentication delegated to your identity provider.

Infrastructure Security

Hosted on SOC 2 compliant infrastructure with regular security audits, penetration testing, and vulnerability scanning.

Compliance & Certifications

SOC 2 Type II

Our infrastructure and processes are audited annually for security, availability, and confidentiality controls.

GDPR Compliant

We comply with GDPR requirements for data protection, including data subject rights, data processing agreements, and cross-border transfers.

Data Residency

Enterprise customers can choose their data residency region. Contact sales for options.

Responsible Disclosure

We take security seriously and appreciate the work of security researchers. If you discover a vulnerability, please report it to [email protected]. We will respond within 48 hours and work with you to address the issue.