Trust Center

Zero-Trust Architecture.

We process data in memory. We do not store incident bodies. Your on-call data never touches our persistent storage layer.

“We see your alert counts. We never see your incident details.”

How We Protect Your Data

Zero-Trust Architecture

Every request is authenticated and authorized in isolation. We assume breach by default and apply least privilege at every layer.

In-Memory Processing Only

We process your PagerDuty incident data entirely in memory to generate reports. Incident titles and bodies are never written to disk or a database.

SOC 2 Type II Ready Infrastructure

PagerAudit runs on Vercel and Supabase, both of which hold SOC 2 Type II certifications. Our architecture inherits their compliance posture.

AES-256 Encryption for API Keys

Your PagerDuty API token is encrypted at rest using AES-256 before being stored. Keys are never logged or exposed in any response payload.

Instant Revocation & Deletion

Revoke access at any time from your PagerDuty account. Upon revocation, we immediately and permanently delete all associated metadata.

Compliance at a Glance

  • Read-only OAuth 2.0 scope — we can never modify your PagerDuty data
  • No incident body or description text is stored
  • All data in transit uses TLS 1.3
  • API keys encrypted with AES-256-GCM before persistence
  • Vercel infrastructure: SOC 2 Type II, ISO 27001
  • Supabase database: SOC 2 Type II, GDPR-ready

Want to delete your data?

Revoke PagerAudit’s OAuth access in your PagerDuty account settings at any time. Email us at security@pageraudit.io and we will delete all associated metadata within 24 hours.
