Trust and compliance

Customer data security, by design.

Phano reads your most sensitive data to produce diagnostics. Protecting it is not optional: encryption, per-organization isolation, European hosting and least-privilege access are built into the product.

The measures in place

Whether you are a CSM or an Account Manager, your accounts' data stays protected from connection to diagnostic delivery.

End-to-end encryption

Encryption in transit (TLS 1.3) and at rest (AES-256). Access tokens to your third-party tools are encrypted server-side.

Per-organization isolation

Each organization's data is strictly isolated at the database level (Row Level Security). Your accounts are never accessible to another organization.

Least-privilege access

Phano connects to your tools through an OAuth manager: no passwords are stored, and permissions are read-only for most of what it analyzes.

Audit logs

Every sensitive operation is recorded in audit logs, which are kept for 12 months and then purged automatically.

Multi-factor authentication

Multi-factor authentication (MFA) is available to strengthen access to your team's accounts.

No ad tracking

Only technical cookies are used (session, CSRF protection, language). No advertising cookies or third-party trackers.

Hosting and subprocessors

Your application data is hosted in the European Union. The database and authentication are located in Ireland; application hosting, the CDN and the OAuth manager are also in the EU.

Some specialized subprocessors (payments, transactional email, AI providers) are located in the United States and covered by standard contractual clauses (SCC) or a data processing agreement (DPA). The full list is in the privacy policy.

Artificial intelligence and privacy

  • Anonymization before analysis

    Identifying data (names, emails, phone numbers) is anonymized automatically before anything is sent to an AI provider.

  • No training on your data

    Data is sent on a per-request basis and is never used to train models.

  • SOC 2 Type II compliant providers

    The AI providers we use are SOC 2 Type II compliant and offer contractual guarantees of data non-retention.
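As an added illustration of the anonymization step described above (example code written for this page, not Phano's own implementation): the sample text, the contact-name list and the HMAC key are constructed. It assumes the application already knows the contact names attached to the account record, since detecting arbitrary names by pattern alone is unreliable; emails and phone numbers are found with regular expressions. Tokens are derived with a keyed HMAC so that the same value always maps to the same token, and a server-side map lets the provider's answer be re-identified without the raw values ever leaving the application.

```python
"""Pseudonymize identifying data before text is sent to an external AI provider.

Hypothetical example, not Phano's code. Names come from a list the application
already holds for the account; emails and phone numbers are matched by regex.
The mapping token -> original value never leaves the server.
"""
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Local or international phone formats with optional separators, 9+ digits.
# Deliberately broad: over-redacting a date or amount is safer than leaking a number.
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d .()-]{7,}\d(?!\w)")

# Constructed demo inputs (not real customer data).
DEMO_KEY = b"constructed-demo-key-rotate-per-deployment"
KNOWN_NAMES = ["Jean Dupont"]
SAMPLE_TEXT = (
    "Call with Jean Dupont (jean.dupont@example.com, +33 6 12 34 56 78): "
    "renewal at risk, churn signals since Q2."
)


def _token(kind: str, value: str, key: bytes) -> str:
    """Stable, non-reversible placeholder for a value (HMAC keyed per deployment)."""
    digest = hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()[:8]
    return f"<{kind}_{digest}>"


def pseudonymize(text: str, known_names: List[str], key: bytes) -> Tuple[str, Dict[str, str]]:
    """Return (redacted text, token -> original value map)."""
    mapping: Dict[str, str] = {}

    def replace(kind: str, value: str) -> str:
        tok = _token(kind, value, key)
        mapping[tok] = value
        return tok

    # Emails and phones first: a bare surname could otherwise be replaced inside
    # an address and break the email match.
    out = EMAIL_RE.sub(lambda m: replace("EMAIL", m.group(0)), text)
    out = PHONE_RE.sub(lambda m: replace("PHONE", m.group(0)), out)
    # Longest names first so "Jean Dupont" wins over a shorter "Jean".
    for name in sorted(known_names, key=len, reverse=True):
        pattern = re.compile(re.escape(name), re.IGNORECASE)
        out = pattern.sub(lambda m, n=name: replace("NAME", n), out)
    return out, mapping


def reidentify(text: str, mapping: Dict[str, str]) -> str:
    """Restore original values in the provider's answer, server-side only."""
    for tok, value in mapping.items():
        text = text.replace(tok, value)
    return text


if __name__ == "__main__":
    redacted, table = pseudonymize(SAMPLE_TEXT, KNOWN_NAMES, DEMO_KEY)
    print("sent to provider:", redacted)
    print("restored locally:", reidentify(redacted, table))
```

The key should be per deployment (or per organization) and rotated like any other secret: because tokens are HMAC-derived, a provider that saw two requests could not link them across a key rotation, while within one request the same contact is always represented by the same placeholder, which keeps the diagnostic coherent.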

Your data belongs to you

In line with the GDPR, you can access your data, rectify it, export it in JSON format or delete it permanently. These rights can be exercised from your profile or by email at privacy@phano.ai, with a response time of 30 days.

Our commitments are detailed on the GDPR page and in the privacy policy.

Connect your tools with confidence.

The first diagnostic arrives the same day, on a foundation protected by design.

Free trial · No credit card · First diagnosis same day