Security

PandaDoc stores document data such as metadata, activity, original files, and customer’s data in different locations while also compiling and generating documents when requested. All data in each location is encrypted at rest with AES-256 and sophisticated encryption keys management.

PandaDoc leverages industry standard programming techniques such as having a documented development and quality assurance processes, and also following guidelines such as the OWASP report, to ensure that the applications meet security standards.

We follow the principle of least privilege in how we write software, as well as the level of access employees, are instructed to use in diagnosing and resolving problems in our software and responding to customer support requests.

The production network segments are logically isolated from other Corporate, QA, and Development segments.

At PandaDoc, the production application and underlying infrastructure components are monitored 24/7/365 days a year, by dedicated monitoring systems. Critical alerts generated by these systems are sent to 24/7/365 on-call DevOps team members and escalated appropriately to operations management.

PandaDoc infrastructure utilizes many layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We do full daily automated backups of our databases. All backups are encrypted.

Web application security is evaluated by the development team in sync with the application release cycle. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.