Security & Privacy

Our Trust Framework

PentAlpha Governance is committed to institutional-grade security, ensuring transparency and data integrity through rigorous policies and structured frameworks.

SECURITY & PRIVACY INFRASTRUCTURE

PentAlpha Surveillance maintains institutional-grade security protocols and rigorous privacy standards. We prioritize the protection of client data through sophisticated encryption, structured governance, and continuous monitoring. We want to hear from you if you are aware of a vulnerability or threat to PentAlpha. 

Product Vulnerability & Incident Reporting:
To report a potential vulnerability or security incident involving a PentAlpha product, contact the PentAlpha Product Security Incident Response Team at Security@PentAlphaSurveillance.com.

Governance

PentAlpha’s Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

  • Principle 01 — Least Privilege Access: Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
  • Principle 02 — Defense-in-Depth: Security controls should be implemented and layered according to the principle of defense-in-depth.
  • Principle 03 — Consistency: Security controls should be applied consistently across all areas of the enterprise.
  • Principle 04 — Continuous Improvement: The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security & Compliance Certifications

For information regarding PentAlpha’s Security and Compliance certifications, please visit PentAlpha’s Trust Center.

Data Protection

Data at Rest:

All datastores with customer data are encrypted at rest. Additionally, sensitive data is protected at file level. This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.

Data in Transit:

PentAlpha uses the current recommended TLS level or higher everywhere data is transmitted over potentially insecure networks.

Secret Management

Encryption keys are managed via Azure Key Management System (KMS). KMS stores the keys, which prevents direct access by any individual, including employees of PentAlpha.

Application secrets are encrypted and stored securely via Azure Key Vault, and access to these values is strictly limited.

Product Security

Penetration Testing:

PentAlpha engages a third-party penetration testing consulting firm at least annually. Our current preferred penetration testing partner is NCC Group. All areas of PentAlpha’s product and cloud infrastructure are in scope for these assessments.

Vulnerability Scanning:

PentAlpha conducts monthly vulnerability scanning on all systems:

  • Malicious dependency scanning to prevent the introduction of malware into our software supply chain
  • Network vulnerability scanning on a periodic basis
  • External attack surface management (EASM) continuously running to discover new external-facing assets

Enterprise Security

Endpoint Protection:

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.

Vendor Security:

PentAlpha uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:

  • Access to customer and corporate data
  • Integration with production environments
  • Potential damage to the Vanta brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor.

Security Education:

PentAlpha provides comprehensive security training to all employees upon onboarding and quarterly through educational modules within KnowBe4. All engineers also receive privileged user training sessions focused on secure coding principles and practices.

Identity & Access Management:

We enforce the use of phishing-resistant authentication factors.

PentAlpha employees are granted access to applications based on their role and deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.

Privacy Notice

This privacy notice describes how PentAlpha Surveillance LLC (“PentAlpha”, “our” or “we”) collects and uses personally identifiable information.

Currently, we do not provide services to individuals, and except for individuals who apply to work for PentAlpha as specifically described below or with whom we engage as part of providing services or in the course of conducting our internal business operations, we do not collect personally identifiable information directly from such individuals. We may receive personally identifiable information about individuals from our clients or from interactions with other individuals. We use this information to provide services for our clients, to communicate with those clients and others, and for internal operations. We also may use this information to comply with our own legal requirements or to respond to lawful requests for that information, such as government orders or subpoenas.

PentAlpha may disclose personally identifiable information to third parties such as vendors, clients, and governmental agencies. We may also disclose personally identifiable information if our business is acquired or merges, in whole or in part, with another company that would become responsible for providing our services to you, in which case we may disclose information to the other business in connection with the transaction, and personally identifiable information may be transferred to the new business upon completion of the transaction.

If an individual applies to work at PentAlpha, we will collect the individual’s name, contact information, employment information, and other such information as may be reasonably expedient in order to consider that individual’s employment. We only use this information in order to make hiring decisions.

Our clients require us to protect and secure personally identifiable information, and we take reasonable measures to protect personally identifiable information we possess. However, we cannot guarantee that no breach or compromise of personally identifiable information will occur.

Revision: 1.72   |   Updated: Apr 2026