Product How we deploy Trust About Us Login Start here
Trust & Security

Enterprise security. Zero data retention.

Independently audited across Security, Availability, and Confidentiality. Your client data never touches our models and never persists after processing.

SOC 2 Type II
Zero Data Retention
AWS Infrastructure
AI Training Opt-Out
Certification

SOC 2 Type II — independently audited

SOC 2 Type II is not a self-assessment. An independent licensed auditor reviewed our controls across Security, Availability, and Confidentiality — and verified they operated effectively over a sustained period, not just on a single day.

Audit period
Oct 2025 – Mar 2026
Six-month continuous audit period covering Security, Availability, and Confidentiality trust service criteria.
Audited by
Assurion Services LLC
Independent licensed CPA firm. Examination conducted in accordance with AICPA attestation standards.
Trust criteria
Security · Availability · Confidentiality
TSP 100, 2017 Trust Services Criteria (With Revised Points of Focus — 2022), AICPA.

The full SOC 2 Type II report is available to prospects and customers on request.

Request the report →
AI & Data Policy

Your data is never used to train AI models

PitCrew uses large language models to power its agents. Here is exactly how your data is handled — and what we guarantee about it.

No model training

Your client data, workflows, and outputs are never used to train, fine-tune, or improve any AI model — by PitCrew or any third-party model provider in our stack.

Stateless inference

All LLM calls are stateless. No prompt, input, or output is retained by the model provider beyond the duration of the request. Every call starts fresh.

Zero data retention

Customer data is processed in memory during workflow execution and not stored after completion. Data is removed from PitCrew systems upon customer request or per contract terms.

Human in the loop

Agents prepare work and surface outputs for human review. No action is taken on your systems without a person approving it first. Every decision is logged and auditable.

Infrastructure

Built on AWS with enterprise-grade controls

PitCrew runs entirely on Amazon Web Services with no physical servers. All infrastructure is cloud-native, monitored continuously, and isolated by environment.

Encryption everywhere

AES-256 encryption at rest via AWS KMS. TLS 1.2+ for all data in transit. No plaintext data paths.

Network isolation

Production runs inside a VPC with private subnets for application and database tiers. Public subnets for load balancers only. Firewall rules enforced by AWS security groups.

Multi-AZ redundancy

Active-standby deployment across two AWS availability zones. Automatic failover. Data replicated synchronously across zones.

Continuous monitoring

Server performance, network traffic, and security events monitored continuously. Vulnerability scans before every production release.

Disaster recovery

Business continuity and disaster recovery plans documented and tested. Service restoration to maximum capacity within defined recovery time objectives.

Access controls

Principle of least privilege enforced. Access credentials issued and reviewed at predefined intervals. MFA required for all employee access to production systems.

People & Process

Security is an organizational practice, not just a technical one

Background checks for all employees with access to production systems
Mandatory security awareness training on hire and annually thereafter
Formal incident management process for data breaches and security events
Annual risk assessments with documented risk treatment plans
Software development lifecycle (SDLC) security checks on every production change
Vendor risk assessments for all subservice organizations including AWS

Request our SOC 2 report

Share your work email and we'll send the full SOC 2 Type II report. Available to prospects and customers with a corporate email address.

Or book a diagnostic call at gopitcrew.com