SECURITY

How we protect your catalogue.

PartSentinel handles industrial catalogue data that often contains commercially sensitive cross-references and identifiers. Security is not a separate function — it is the product. This page summarises our posture; full documentation is available under NDA.

Last updated : 2026-04-27Working draft · contractually binding only when annexed to a signed MSA.

1 · Infrastructure

  • EU-resident hosting (Frankfurt, Paris). No data leaves the EU at rest or in transit unless an audited model API is itself outside the EU — in which case only the prompts strictly necessary for the audit transit, never raw catalogue files.
  • Encryption — TLS 1.3 in transit, AES-256 at rest. Per-customer encryption keys for catalogue blobs.
  • Network isolation — production tenants live in dedicated VPCs; the open-weight model GPU pool is air-gapped from internet egress.

2 · Access control

  • Role-based access (RLS at the database layer) — every read of every reference is scoped to its owning organisation.
  • SSO support on Continuous tier (SAML 2.0, OIDC).
  • Engineer access to customer data is logged, time-bound and reviewed monthly. No standing access.

3 · Audit log

Every audit run produces an immutable log: prompts, model responses, model versions, timestamps, content hashes. Retained seven years on EU-resident, write-once storage to satisfy AI Act Article 53(1)(d) reproducibility.

4 · Compliance and certifications

  • GDPR — full DPA available on request.
  • SOC 2 Type II — in progress, target Q3 2026.
  • ISO 27001 — planned, target Q1 2027.
  • AI Act Article 53(1)(d) — evidence pack generated automatically per audit (see /ai-act).

5 · Incident response

Security issues triaged within 24 hours. Customers notified within 72 hours of confirmed breach. Coordinated disclosure for vulnerability reports — see contact below.

Vulnerability reports or DPA requests:

security@partsentinel.com
PrivacyTermsDPA