IT EN
Trust & Security

Clear security for people who need trust before they buy.

PongoFin handles accounts, documents and admin workflows. Security should be understandable before it becomes deeply technical: where data stays, how it is protected, what we guarantee, and how to request a deeper review.

Request DPARead Privacy Policy

What a buyer should understand immediately

Four clear trust messages, without dense technical noise. These are the points that matter most in an early-stage evaluation.

EU data

Your data stays in Europe

Storage and processing operate inside the EU service perimeter used by PongoFin. We do not repurpose customer data for unrelated commercial use.

Encryption

Protection in transit and at rest

Traffic is encrypted and stored data is protected. Sensitive credentials are not kept in plaintext.

Privacy

Your workspace does not train AI models

Transactions, IBANs, counterparties and uploaded documents are not used to train AI models.

Control

Export and deletion stay in your hands

You can request export, account closure and data deletion through a documented operational process.

Decision support

Fast answers to the questions buyers ask first

This page should help a decision, not force a long reading session. These are the answers most often needed in demos and reviews.

Short answers instead of legalese.

Same tone as the rest of the landing.

Technical detail available only when needed.

Where is the data?

Inside the infrastructure perimeter used by PongoFin to deliver the service in Europe.

Do you use customer data to train AI?

No. AI works on workspace context, but customer data is not used to train models.

Can we export or close everything?

Yes. Export and deletion requests are part of the documented operating scope.

Do you provide DPA and supporting materials?

Yes. DPA, privacy, cookie and supporting materials are available for legal or commercial review.

For IT and compliance

Technical detail only for the people who need it

Procurement, IT and compliance teams can go one level deeper without forcing every visitor through a dense security review. These sections keep the technical checkpoints available.

Infrastructure and jurisdiction Where PongoFin runs and how tenants are separated.
  • Edge runtime on Cloudflare with a smaller surface than traditional long-lived servers.
  • Workspace-level separation across operations and application data.
  • Documents served through short-lived signed access.
Encryption and access How transport, storage and sensitive credentials are protected.
  • TLS on public endpoints and encryption on stored data.
  • Sensitive credentials encrypted at application level and never stored in plaintext.
  • Short-lived tokens and workspace-scoped access checks.
Operational privacy What enters logs, what does not, and how retention/export are handled.
  • Passwords, tokens and secrets are not exposed in application logs.
  • Sensitive financial information is handled with redaction and minimization.
  • Retention and export follow documented rules by data category.
Payments and review How payments and deeper security review requests are handled.
  • Payments are handled by Stripe; PongoFin does not store card numbers.
  • DPA and support materials can be shared during commercial review.
  • Security reports and IT review requests receive dedicated follow-up.

Need a deeper technical review?

If you are evaluating PongoFin for a firm, company or group, we can share additional procurement, IT and compliance materials without turning this page into an internal audit document.

Write to [email protected] Contact the team

Data Controller: GP Dev Studio di Giampietro Pregnolato — more details in Privacy Policy and Terms of Service. Privacy Policy , Terms of Service .