Trust
Security and transparency for verified procedure execution.
Compliance and security evidence can include sensitive operational context. This page explains how Proc2Proof approaches hosting, encryption, tenant isolation, subprocessors, Runner-based execution, audit trails, AI processing, and incident response. Where controls are still being formalized as part of our early-access stage, we say so explicitly.
Company and certification status
Proc2Proof is a product developed by Pelican-Tech Ltd.
Pelican-Tech Ltd. holds ISO 27001:2022 certification for its consulting and integration services. The Proc2Proof platform is not yet included in the certificate scope and is being reviewed for formal inclusion under Pelican-Tech's ISMS.
Hosting and data location
The Proc2Proof cloud control plane runs on Microsoft Azure.
Customer data is currently hosted in the Microsoft Azure West Europe region. Additional regions may be offered in the future.
Customer-controlled Runner
In customer-managed production deployments, the Customer-controlled Runner is installed in the Customer's environment, such as the Customer's VPC or on-premise infrastructure. The Runner is available on Business and Enterprise plans.
Raw evidence values remain in the Customer environment and are stored in the Runner's local database, encrypted at rest. The Control Plane receives run metadata, summary results, scores, statuses, and integrity hashes, but does not store raw evidence values.
Evidence drill-down is performed through signed proxy requests back to the Customer-controlled Runner.
Security controls
Encryption at rest
Customer data stored by the cloud control plane is encrypted at rest using Azure platform-managed encryption. Selected sensitive fields, including MFA secrets, connector secrets, and raw evidence values stored in SaaS deployments, are additionally encrypted at the application layer using AES-256-GCM.
Encryption in transit
All public endpoints are served over HTTPS with HSTS enforced. TLS 1.2 is the minimum supported version, with TLS 1.3 supported where the client supports it.
Tenant isolation
Tenant isolation is enforced through tenant-scoped data access controls and tenant identifiers checked at every API boundary.
Authentication
Password-based users authenticate with email + password and TOTP-based MFA. TOTP MFA is available across all plans for password-based users and is required before completing the first full login. OIDC SSO is available for Business and Enterprise plans, with supported identity providers including Microsoft Entra ID, Okta, Google, and any compatible OIDC issuer. SSO users may be exempt from Proc2Proof TOTP because MFA is enforced by the external identity provider. SAML 2.0 is not currently implemented.
Audit trail
Audit log access for tenant administrators is available in Business and Enterprise plans. Audit records are tenant-scoped and protected with a tamper-evident SHA-256 hash chain with increasing sequence numbers. Audit events include authentication events, permission changes, evidence access, platform-operator impersonation, deletions, exception approvals, LLM consent changes, and other administrative actions. Tenant administrators may export audit logs before retention-based purge.
AI processing
The core Service is deterministic and does not require LLM processing. AI-assisted features such as procedure parsing, role extraction, chat/Q&A, AI Assist, agent workflows, evidence classification, and suggested remediation are optional and require tenant-level consent when an external AI provider is used.
Free and Pro tenants can use external AI-assisted features only where tenant-level consent to external AI processing is enabled. The external provider for SaaS is Azure OpenAI.
Business and Enterprise Customers using a Customer-controlled Runner may configure local AI processing using Ollama, so AI processing remains within the Customer environment. These Customers may also choose to enable Azure OpenAI as an external AI provider.
Customer Data is not used to train shared third-party foundation models without the Customer's consent.
Subprocessors
Services that process customer data on our behalf. A current subprocessor list is provided to customers under DPA. Material changes to subprocessors are communicated according to the applicable agreement. Customer-configured connectors, customer-operated email relays, and local models deployed inside the Customer environment are not listed as Proc2Proof subprocessors because they are selected, operated, or controlled by the Customer.
| Service | Role | Region / Scope |
|---|---|---|
| Microsoft Azure | Hosting, managed database, and platform infrastructure | West Europe |
| Cloudflare | Proxy, CDN, and edge protection for the marketing website | Global edge network |
| Resend | Transactional email in default SaaS deployments | Provider-managed |
| Azure OpenAI | External LLM provider, used only where the tenant has enabled external AI processing | Microsoft Azure region used for the service |
Framework status
Where the Proc2Proof platform itself stands.
| Framework / Area | Status | Notes |
|---|---|---|
| ISO 27001:2022 | Scope review in progress | Pelican-Tech holds ISO 27001:2022 for consulting and integration services. Proc2Proof is being reviewed for formal inclusion under Pelican-Tech's ISMS. |
| GDPR | Internal alignment | Technical and organizational controls are being aligned with GDPR requirements. |
| Israeli privacy regulations | Internal alignment | Technical and organizational controls are being aligned with applicable Israeli privacy requirements. |
Independent security testing
Formal third-party security assessments for the Proc2Proof platform are planned as part of the platform hardening process.
Incident response
Proc2Proof maintains a documented incident response process, including severity classification, defined roles, and scenario-specific playbooks.
We notify affected customers without undue delay after becoming aware of a confirmed security incident involving their data, according to the applicable agreement, DPA, and legal requirements.