Your life's data deserves enterprise-grade protection.
Panzoe holds some of the most personal data software can hold — so security is a product feature, not a checkbox.
Authentication
Hardened email + password auth with bcrypt hashing, brute-force lockouts and httpOnly session cookies. Google SSO available; enterprise SSO on the roadmap.
Role-based access
Owner, Admin, Manager and User roles enforced on every API call. Invitations, membership records and permission checks are first-class platform primitives.
Workspace isolation
Every document — projects, bills, medications, budgets, courses — is scoped to your organisation and user. No cross-tenant reads, by construction.
Audit trails
Security-relevant events and executive decisions are logged with actor, action and timestamp, ready for compliance review.
AI data handling
Your data is sent to AI models only to answer your requests, never for training. Deterministic analytics handle everything that doesn't need an LLM.
Encryption everywhere
All traffic is encrypted in transit with TLS 1.2+, and data is encrypted at rest in secured cloud infrastructure with continuous monitoring and backups.
Stripe payment security
Payments are processed entirely by Stripe, a PCI-DSS Level 1 provider. Panzoe never sees or stores your full card number — only transaction records.
Data protection & your rights
PIPEDA (Canada) and GDPR aligned: export your data in one click, delete your account anytime, and see exactly what we hold in the Privacy Policy.
Ongoing improvement
Security is never finished. We continuously patch dependencies, review model behaviour, run internal audits and harden the platform as it grows.
Responsible disclosure
Found a vulnerability? We take good-faith reports seriously and respond fast. Email security@panzoe.ai with enough detail to reproduce the issue and we'll acknowledge within one business day. We don't pursue legal action against good-faith researchers who respect user privacy and give us reasonable time to fix.