Security FAQ

Frequently asked questions

Where can I read Poggio’s security and data policies?

What security controls does Poggio maintain internally?

We maintain a wide range of internal policies and security controls, backed by automatic monitoring as well as manual evidence gathering, and our compliance with these policies is subject to annual external audit. These policies govern (among other topics) our assessment of risks, our software development lifecycle, how systems are accessed, management of vulnerabilities, recovery from disasters, and how we classify and protect data.

Our most recent SOC 2 Type 1 and Type 2 reports are available to customers on request, as is our latest penetration test report. Both can be obtained from the Poggio Trust Center.

Where does Poggio customer data reside?

Customer data is stored in GCP (Google Cloud Platform) within the USA.

Is Poggio compliant with data protection regulations such as GDPR?

Poggio is a data processor under the GDPR as reflected in its DPA.

What encryption methods are used for data at rest and in transit?

In transit, we use HTTPS with an SSL policy requiring TLS 1.2 or newer and a restricted set of modern cipher suites. GMEKs (Google Managed Encryption Keys) protect data at rest.

Where does the data in the Poggio Dataset come from?

The Poggio B2B Dataset is assembled from a range of data providers that Poggio curates to ensure you’re getting the most comprehensive and accurate answers across available sources.

Does Poggio support SSO / integrate with my IdP?

Yes. See our SSO documentation. Poggio is compatible with any identity provider that supports SAML 2.0.

Who owns Poggio input and output?

Input and output data is owned by the customer. See our Subscription Services Terms and Conditions for more information.

Are others able to see our data or input?

No. Customer data is never shared across workspaces. The Poggio Workspace is a hard data boundary within our multi-tenant platform.

Workspace members only have access to their own data, which includes user details, prospect information, enablement materials, AI-generated content, chat sessions, and uploaded files.

The AI Products Q&A says customer data is not used to train or fine-tune LLMs. Is this data used by Poggio for any other purpose or algorithm?

Customer data is used to provide the service and to provide support. We also use user feedback to improve our product (but not to train LLMs).

Excerpt from the Poggio Terms of Service:

(f) Feedback. From time to time Customer or its employees, contractors, or representatives may provide Poggio Labs with suggestions, comments, feedback or the like with regard to the Subscription Services (collectively, "Feedback"). Customer hereby grants Poggio Labs a perpetual, irrevocable, royalty-free and fully-paid up license to use and exploit all Feedback in connection with Poggio Labs' business purposes, including, without limitation, the testing, development, maintenance and improvement of the Subscription Services.

What is Poggio’s data retention period?

Poggio’s Data Deletion Policy applies to all application data, which includes all information contained in your Poggio workspace. All customer data is deleted within 60 days of the account becoming inactive.

How can I report harmful content or misinformation?

Please email notices@poggio.io to report harmful content or misinformation. Include a screenshot of the content that you’re reporting.

Poggio: Enterprise-ready Sales AI

Enterprise workspace governance, SSO & IdP integration with domain controls, and flexible enterprise license agreements for large deployments ensure Poggio can adapt to your organization’s procurement and security requirements. Poggio does not use customer data to train or fine-tune AI models, and we mandate the same for all of our third-party vendors, preventing IP leakage at the enterprise level for your entire team (see our Terms of Service and AI Products Q&A). Furthermore, we maintain zero-data-retention (ZDR) agreements with our LLM partners and third-party vendors. Poggio uses only 256- and 384-bit encryption methods, and customer data is encrypted in transit and at rest. Poggio undergoes regular SOC 2 Type 2 audits and penetration testing.

An often-overlooked aspect of enterprise readiness is the cost of training and team adoption. Poggio is specifically designed so that members of the sales team can readily self-onboard and begin realizing significant value in minutes.

If you or your organization has further questions related to security or anything else, please don’t hesitate to reach out to sales@poggio.io.
