Security
Security at Panelynx
How we protect your data, who can access it, and the controls we build into every decision.
Last updated June 2026
Tenant isolation
Each customer’s data is logically separated and scoped to their tenant.
Encryption in transit & at rest
TLS in transit and customer-managed keys at rest.
Audit logging
Every decision and change is recorded with a timestamp.
GDPR + DSAR
Tooling to handle data-subject requests and retention.
Scoped access controls
Role-based access so people see only what they should.
Responsible disclosure
A clear channel to report security issues to our team.
Our approach
Panelynx is built so the interview itself is structured, fair, and auditable. Security is part of that, not an afterthought. This page describes how we handle and protect your data.
Panelynx is new and not yet ISO 27001 certified. We are built to align with it and will fully support your own certification and security review.
Hosting & infrastructure
Customer data is hosted in a single, defined cloud region with multi-availability-zone redundancy and regular automated backups.
- Defined data-residency region
- Multi-AZ redundancy
- Automated, retained backups
Encryption
Data is encrypted in transit using TLS and at rest using customer-managed keys. Key management and rotation follow documented procedures.
Access controls
Access is role-based and scoped to the minimum needed. Administrative access is limited, logged, and reviewed.
Single sign-on
SAML SSO is available so your team signs in through your identity provider with your own policies enforced.
AI and your data
AI features run via the Anthropic Claude API. Your data is not used to train models, and logging is limited to metadata.
Responsible disclosure
If you believe you’ve found a security issue, please contact us so we can investigate and respond quickly. We appreciate good-faith reports.
Contact
For security questions, security reviews, or to request our subprocessor list and DPA, reach our team at the address below.