Security FAQ
Last updated
Last updated
We maintain a wide range of internal policies and security controls, backed by automatic monitoring as well as manual evidence gathering, and our compliance with these policies is subject to annual external audit. These policies govern (among other topics,) our assessment of risks, our software development lifecycle, how systems are accessed, management of vulnerabilities, recovery from disasters, and how we classify and protect data.
Our most recent SOC 2 Type 1 and Type 2 reports are available to customers on request, as is as our latest penetration test report. Both can be obtained from the .
Customer data is stored in GCP (Google Cloud Platform) within the USA.
Poggio is a data processor under the GDPR as reflected in its .
The Poggio B2B Dataset is assembled from a range of data providers that Poggio curates to ensure you’re getting the most comprehensive and accurate answers across available sources.
No. Customer data is never shared across workspaces. The Poggio Workspace is a hard data boundary within our multi-tenant platform.
Workspace members only have access to their own data, which includes user details, prospect information, enablement materials, AI generated content, chat sessions, and uploaded files.
Customer data is used to provide the service and to provide support. We also use user feedback to improve our product (but not to train LLMs.)
Excerpt from the Poggio Terms of Service:
(f) Feedback. From time to time Customer or its employees, contractors, or representatives may provide Poggio Labs with suggestions, comments, feedback or the like with regard to the Subscription Services (collectively, "Feedback"). Customer hereby grants Poggio Labs a perpetual, irrevocable, royalty-free and fully-paid up license to use and exploit all Feedback in connection with Poggio Labs' business purposes, including, without limitation, the testing, development, maintenance and improvement of the Subscription Services.
Poggio’s Data Deletion Policy applies to all application data which includes all information contained in your Poggio workspace. All customer data is deleted within 60 days of the account becoming inactive.
An often overlooked aspect of enterprise readiness is the cost of training and team adoption. Poggio is specifically designed so that members of the sales team can readily self-onboard and begin realizing significant value in minutes.
In transit, we use HTTPS with an SSL policy requiring TLS 1.2 or newer and a restricted set of modern cipher suites. GMEKs () protect data at rest.
Yes. See our . Poggio is compatible with any identity provider that supports SAML 2.0.
Input and output data is owned by the customer. See our for more information.
Please email to report harmful content or misinformation. Include a screenshot of the content that you’re reporting.
Enterprise workspace governance, SSO & IdP integration with domain controls, and flexible enterprise license agreements for large deployments ensure Poggio can adapt to your organization’s procurement and security requirements. Poggio does not use customer data to train or fine-tune AI models, and we mandate the same for all of our 3rd party vendors, preventing IP leakage at the enterprise level for your entire team (see our and .) Furthermore, we maintain zero-data-retention (ZDR) agreements with our LLM partners and 3rd party vendors. Poggio uses only 256 and 384 bit encryption methods, and customer data is encrypted in transit and at rest. Poggio undergoes regular SOC 2 Type 2 audits and penetration testing.
If you or your organization has further questions related to security or anything else, please don’t hesitate to reach out to .