Trust & Security

How We Handle Your Data

PinotPulse is built for U.S. credit unions, which means examiner scrutiny is part of the operating model. This page is a plain-language tour of how the platform is secured, where your data sits, who can see it, and what we ship in CI to keep it that way.

Compliance & Audit Status

Where We Stand Today

We publish the state of every audit and certification track honestly — including the ones still in the observation window. A sophisticated CIO would rather see “in progress” than “trust us.”

SOC 2 Type II

Audit observation window in progress. Audit-trail evidence is collected automatically with every regulatory action. Per-organization data isolation is enforced at the database level. Public attestation expected following window completion.

Window In ProgressEvidence Auto-Collected

Per-Organization Data Isolation

Every table that touches member or institutional data is isolated by organization at the database level. One CU’s data is never visible to another — not by application logic alone, but by the database itself. Cross-organization reads are impossible by construction, not by code review.

Database-Level IsolationEnforced by Default

Eight Canonical Roles

Phase-2b consolidation reduced 10 ad-hoc roles to 8 canonical roles plus 4 capability flags. Separation of duties enforced server-side: a loan officer cannot approve their own filing, a trial viewer cannot write through any API path, a board member sees what board members should see — and the rules are in code, not policy PDFs.

Server-EnforcedSeparation of Duties

Tamper-Evident Audit Logs

Every BSA action — SAR, CTR, OFAC, CIP (§ 1020.220), EDD (§ 1010.610), CDD (§ 1010.230(d)) — writes a paired intent + outcome row with CFR citation. Audit log writes are append-only with cryptographic chaining. SOC 2 CC7.2 evidence is automatic, not retrofitted.

Append-OnlyCC7.2 Evidence

Cloud Infrastructure

Enterprise cloud infrastructure with blue-green deployment. Managed PostgreSQL with automated backups and point-in-time recovery. Live transaction analytics with streaming ingestion. Hosted in U.S. cloud regions only — your data does not leave the United States.

Managed Cloud HostingU.S. Regions Only

What We Do Not Do

We do not sell, share, or repackage your data. We do not train models on your member data. We do not store credentials for your core banking system in plaintext or any reversible form. We do not run admin panels with placeholder buttons — if a feature is not live, it is not in the navigation.

No Data SaleNo Model Training on Your Data
Recent Hardening

Security Work Shipped This Quarter

A few visible items from our recent release cadence. We publish these because they are the kind of work that matters to a security-conscious buyer.

  • Privilege escalation paths closed across admin and platform routers — closed a SOC 2 control gap on user administration.
  • Trial accounts hardened to read-only at the API level — demo accounts cannot write through any path, including direct API calls.
  • Board-member access scoped to read-only by default — closed three latent paths where board users could trigger writes.
  • No vapor surfaces in production — every “coming soon” surface either wires to live functionality or is removed from the navigation.
Release Cadence

Major releases every quarter. Security and feature ships continuously.

The platform is under active development. Major regulatory module releases land on a quarterly cadence (the most recent: Reg B + Reg Z + CRA 2024 modernization in 2026 Q2). Security patches and feature ships go out on a continuous cadence. Quality and audit-trail gates run on every change before release.

Want the Detailed Security Brief?

Request the full PinotPulse trust brief: how data is isolated, where it’s encrypted, our SOC 2 timeline, and how audit-trail integrity is maintained from the database up.

Request Demo & Security Brief Email contact@pinotpulse.com