PostureGuard
Trust Center

How we handle your data — and what we'd tell you if anything changed.

PostureGuard uses read-only access, never stores your infrastructure data long-term, and is built for regulated environments from day one.

Certifications

Our compliance posture.

🔐

SOC 2 Type II

⟳ In process

Pursuing SOC 2 Type II covering Security, Availability, and Confidentiality. Our controls are built to pass from day one.

🤖

ISO 42001

✓ Aligned

ISO 42001 is the global AI management systems standard. PostureGuard is built to satisfy and monitor it — we eat our own dog food.

🇮🇳

DPDP-aligned

✓ Aligned

Our data handling practices align with India's Digital Personal Data Protection Act. We help you get ready — and stay ready ourselves.

🇪🇺

GDPR-aligned

✓ Aligned

Data minimisation, purpose limitation, and data subject rights are baked into our platform design — not bolted on.

☁️

AWS-hosted

✓ Live

Deployed on AWS ap-south-1 (Mumbai) for Indian customers, with data residency controls on Enterprise plans.

🏛

Pen-tested

⟳ Scheduled Q3 2026

Third-party penetration testing scheduled for Q3 2026. Results shared with Enterprise customers under NDA.

Architecture

How we protect your access.

👁

Read-only access, always

PostureGuard uses read-only IAM roles. We can never modify, delete, or create resources in your environment.

🚫

No data exfiltration

We analyse configuration metadata and access paths — we never copy or store your business data, records, or customer PII.

🔑

Credential-free scanning

Short-lived, role-assumable credentials scoped to discovery. No long-lived API keys are stored on our side.

🔒

Encryption in transit & at rest

All data in transit is encrypted with TLS 1.3. Posture metadata at rest is encrypted with AES-256, with customer-scoped keys on Enterprise.

📋

Signed evidence packs

Evidence is cryptographically signed and timestamped so auditors can verify it was generated from your live estate — not assembled manually.

Drift alerting

When a compliance control regresses, you're alerted immediately — not at the next scheduled audit.

Questions about our security practices?

For security reviews, enterprise procurement, or detailed controls documentation, reach out directly.

Talk to our team: team@postureguard.io