Last updated · April 19, 2026

    Security

    Pincera is built for enterprises that treat every action as audit-worthy and every connection as sensitive. This page outlines our approach to protecting customer data, operating the Service, and responding to issues. Customers under NDA can request additional detail through their account contact.

    Our approach

    Security is a design principle at Pincera, not a bolt-on. Controls are set up at the product, infrastructure, and process level, and are reviewed as the Service evolves. We design our program to align with industry frameworks for information security, privacy, and operational resilience.

    Infrastructure

    • The Service runs on established cloud providers with strong physical and network security controls.
    • Workloads are isolated per customer. Customers do not share application runtime, databases, or credentials with other customers.
    • Network boundaries use defense in depth: segmentation, restricted ingress, private networking between components, and monitoring at the edge.
    • Where customers require processing inside their own network, Pincera supports a dedicated deployment model that does not require opening the customer network to the outside.

    Data protection

    • Data is encrypted in transit using modern TLS configurations.
    • Data is encrypted at rest using industry-standard algorithms, with keys managed through our cloud provider’s key-management services.
    • Access to customer data by Nacsoft personnel is restricted to what is needed for support and operations, subject to approval, and logged.
    • Customer data is not used to train third-party generative AI models. For details, see Data & AI usage.

    Identity and access

    • Administrative access is protected by multi-factor authentication and role-based permissions.
    • Customer administrators manage their own user access, roles, and provisioning.
    • Enterprise identity is supported through modern protocols, including SAML, OIDC, and SCIM, for customers on the appropriate plan.

    Monitoring and response

    • We continuously monitor the Service for availability, performance, and security events.
    • We maintain an incident-response process that covers triage, communication, remediation, and post-incident review.
    • Customers affected by a security incident are notified without undue delay in accordance with legal and contractual obligations.

    Software development and change management

    • Code changes go through review, automated testing, and progressive rollout before reaching production.
    • Sensitive changes require additional review. Production access is limited and audited.
    • Dependencies are tracked and reviewed for known vulnerabilities on an ongoing basis.

    Vendor management

    We evaluate the security posture of our sub-processors and service providers, and we hold them to contractual commitments on confidentiality and data protection. A current list of sub-processors is available on request.

    Business continuity

    We back up customer data and critical service state on a regular schedule and maintain processes for restoring service in the event of a disruption. Specifics are shared with customers under NDA.

    Responsible disclosure

    If you believe you have found a security issue in Pincera or the Pincera website, please contact us at info@nacsoftech.com. We appreciate good-faith reports and will work with researchers to understand and resolve issues. Please do not publicly disclose a vulnerability before we have had a reasonable opportunity to investigate and respond.

    Requesting additional information

    Customers and prospective customers under NDA can request documentation on our controls, sub-processors, and data-protection practices through their account contact or at info@nacsoftech.com.