Security

Pascal holds a strong operational ethos around customer data security, confidentiality, and compliance. Pascal adopts leading industry standards across infrastructure, application, and operational practices to protect customer data.

For security inquiries or suspected vulnerabilities, contact security@teampascal.com.

1. Data Security

All customer data is encrypted on Google Cloud Platform (GCP) at rest with a FIPS 140-2 validated crypto module using AES-256 bit encryption and in transit using TLS 1.2+. Pascal configures customer data stores on private IP connectivity to reduce exposure to the public internet. Pascal also encrypts sensitive content with restricted key access. For technical documentation, see the GCP security features.

2. Customer Controls

Pascal allows customers to enforce authentication policies (including MFA) through their identity provider via SSO/SAML. Pascal only uses data from customer-provisioned, admin-approved source applications. Customers control their data lifecycle, including limiting accessible data and deletion.

3. AI Security

Pascal implements tool-level access controls to limit AI agent capabilities based on user permissions, preventing unauthorized data access through AI workflows. Pascal disables response storage where supported by model providers. For technical documentation, refer to the model provider data policies:

• OpenAI data controls
• Claude data usage