A consolidated view of how Progull handles customer environments, data and incidents. Maintained by the Progull security team. Anything not stated here is available on request.
12-month observation window, no exceptions. Report available under NDA.
Stage 1 audit complete. Stage 2 scheduled Q3 2026.
Aligned with ISO 27001 program. Same Stage 2 window.
DPA available. EU DPO appointed. Standard contractual clauses supported.
Business Associate Agreement available for healthcare customers.
Progull does not store cardholder data. Documented descoping available.
Customers on Enterprise plans receive 30-day written notice of any sub-processor addition with a right to object.
PGP key available on request. Safe-harbour for good-faith research.
Standard DPA, SCCs and UK addendum available. Custom terms reviewable.
GDPR / CCPA access, rectification and deletion requests routed to the DPO.