How Pecan Addresses Data Security Concerns | Pecan AI

How Pecan Addresses Data Security Concerns

Our top priority is keeping your data safe. Learn how Pecan's security measures protect your data in the predictive modeling process.

In a nutshell:

  • 2023 saw a rise in data breaches, making data security a top concern for organizations.
  • Pecan's predictive AI only uses data provided by users and does not access any personally identifiable information.
  • Pecan holds ISO 27001 and SOC 2 Type II certifications, demonstrating a commitment to data security.
  • Pecan employs strong internal policies, security-oriented engineering, reputable collaborations, cryptography and encryption, and thorough authentication processes to keep data safe.

2023 seemed to be the year of data breaches. From 23andMe to Paypal, major companies were involved in data scandals that left customers feeling uneasy and, at times, unsafe.

With the threat of a data breach in the back of everyone’s mind, data security is one of the top concerns for organizations. And for good reason! Protecting your organization’s data is how you protect your employees, clients, and customers. 

It should be a top priority.

Data security is our top priority, too. At Pecan, we’ve engineered our entire platform to keep your data safe so you and your customers can rest easy.

Whether you’re a data professional or a business leader wanting to make sure your customers’ data is safe, we have you covered. 

In this article, we answer your most frequently asked questions and walk you through all the ways Pecan keeps your data protected and secure. 

Data security is a complex issue — but valuing your security? That’s a no-brainer.

Photo by Robert Linder on Unsplash

What data does Pecan’s predictive AI use?

In order to build your predictive AI model, you’ll need to provide Pecan with the relevant data. But that’s all the data we use — we don’t sift through your data storage software or scoop out data you haven’t selected for us.

Whether you’re manually selecting data to upload or working with one of our team members to help transfer data into the tool, Pecan has access only to the data you choose to share. You can choose specific files or tables, or just select portions of your data to upload into the model. We built our platform to provide you with extensive choices when it comes to what data gets plugged in.

You also don't need to share any personally identifiable information (PII) at any point. PII is completely left out of our modeling process, so you don’t need to worry about our model revealing sensitive information. 

How long does Pecan hold onto my data?

If you choose to delete a connector or terminate your relationship with Pecan, your data is deleted at that time. 

Where is my data being held?

Security has been top of mind since day one at Pecan. We opted to build a 100% cloud-based model, which helps protect your internal data. No customer data is ever stored on our company’s PCs or phones, and our customer-support employees can only access customer models through our company VPN — so no one is logging in on their cell phone, either.

Finally, we ensure there is no cross-contamination or inadvertent leakage of information. One customer's data is never utilized as enrichment for another customer's AI model, maintaining complete data privacy and isolation. Your data is truly safe with us.

pecan's security certifications

Pecan holds widely recognized security certifications

What security certifications does Pecan have?

Security certifications are one of the best ways for a company to show its commitment to security. We have two rigorous security certifications demonstrating our passion for upholding above-and-beyond data security. They are:

ISO 27001

This certification is an international information security management system (ISMS) standard. It relates primarily to our risk management process and hones in on an organization’s ISMS. ISO 27001 proves our commitment to maintaining, updating, and improving security processes over time.

SOC 2 Type II

This certification is an audit procedure that ensures our tooling is analyzed by a third-party auditor on a regular basis. The Type II designation is the most rigorous version of the SOC 2 procedure that assesses the Pecan security infrastructure's design and operational effectiveness.

These certifications together demonstrate a comprehensive data security program that’s approved by international organizations and third parties. 

list of ways pecan is committed to data security

Security is a top priority at Pecan

What are some other ways Pecan demonstrates its commitment to security?

We’ve covered the bases for providing a secure tool, inside and out. Let’s dive into a few more ways we protect your data.

Strong internal policy

Internal safeguards are an important element of data security. We have substantial measures in place within our company that protect your data, including:

  • A zero-tolerance policy. We don’t tolerate any data risks within our own organization. Pecan employees demonstrate their commitment to safety by agreeing to a zero-tolerance data security policy when they join our team. 
  • Zero personal access. Your data is held and protected within the VPN, so employees, such as customer-support employees, can’t interact with it through personal devices.
  • 24/7 log monitoring. Our round-the-clock monitoring covers our entire production environment, logging any sign-in attempt and its IP address, any data connection opened, and any operation executed by the system. If something unusual happens, we know about it.
  • Incident response management. If there’s a data incident — whether internal or external — we have a rigorous protocol to resolve the issue. We monitor our data security with 24/7 SOC service, and we are alerted immediately of any suspected data issues so we can resolve them as quickly as possible.

Security-oriented engineering

When we developed Pecan, security was a top priority, and it still is. We engineered our tool to be strong against accidental breaches. We use the OWASP Secure Software Development Life Cycle Projects as our guide, which keeps security at the forefront of software production.

Additionally, we conduct periodic penetration tests that check the strength of our security. Security tests like these make sure that security is maintained over time (which is also demonstrated by our SOC 2 Type II certification).

Reputable collaborations

Our commitment to security extends to our providers. We choose to exclusively collaborate with reputable organizations that care as much about security as we do. Our cloud vendor is Amazon Web Service (AWS), and Databricks provides our data-processing infrastructure. We’re transparent and proud of our provider selections.

Cryptography & encryption

Our collaboration with Amazon Web Service (AWS) is an important part of our encryption protocol. Pecan’s database files are encrypted using Amazon S3 Server Side Encryption (S3-SSE). We also make it easy for our customers to encrypt their data — they can do it directly or work with a Pecan team member to encrypt their data.

Another important element of our cryptography and encryption protocol is our VPN. We use a 2FA-enabled VPN to contain our network, and all Pecan activities performed by employees are done on company computers that include this VPN. 


Finally, we keep your data safe with a thorough authentication process. We require Pecan login passwords to be eight characters or longer and include a number and a symbol. While remembering all your SaaS passwords can feel like a hassle, using a password is an important way to keep your data safe within our tool.

Once a password is correctly entered into our login screen, a signed and encrypted access token is obtained, and users can proceed to Pecan. If a person fails to sign in ten times, access is revoked. So be sure to record your password securely!

We also support Google and Microsoft SSO, and on our custom plan, we can support any SAML and OIDC SSO providers.

Your data is safe with us

If Pecan sounds like a good fit for your organization’s needs, we encourage you to reach out and book a demo. We’ll walk you through our Predictive GenAI platform and answer any and all of your questions related to our platform.

You can also skip the demo altogether and sign up for a free trial — if learning on your own is your preferred style.

Within our free trial, you can try securely uploading a small data sample and get a quick intro to our Predictive GenAI capabilities. 

With certifications, security-oriented engineering, and strong internal processes, we make it our top priority to keep your data protected.