Perfect Wiki Trust Center

Your data stays yours.

This is the single source of truth for how Perfect Wiki protects customer data, runs its service securely, and meets its obligations to you. Read the policies, check sub-processors, request a DPA (Enterprise plan), or report a vulnerability — all from here.

TLS 1.2+ in transit · AES-256 at rest · GDPR & CCPA compliant · EU & US data residency · Hosted on Google Cloud

At a glance
  • Hosting: Google Cloud · US, Ireland, Germany
  • Encryption (transit): TLS 1.2+ with PFS
  • Encryption (rest): AES-256 (GCP) + AES-256-GCM secrets
  • Authentication: Microsoft Entra · Google · email OTP
  • Backups: Encrypted daily · 60-day retention
  • Account deletion: Honored within 30 days

Security at a glance

The answers your security team is going to ask for.

We've answered the IT-review questionnaire thousands of times. Here's the short version — encryption, hosting, identity, monitoring, backups, and what happens to your data when you leave.

Encryption in transit

TLS 1.2+ with perfect forward secrecy on every endpoint, terminated at Cloudflare and re-encrypted to origin.

Encryption at rest

AES-256 full-disk on Google Cloud for all customer data. Application-layer secrets are additionally wrapped with AES-256-GCM.

Authentication & SSO

Microsoft Entra and Google Workspace SSO plus passwordless email OTP. MFA is inherited from your identity provider.

Hosting & residency

Google Cloud Platform — US, Ireland, and Germany regions. Enterprise customers may pin data residency to a specific region.

Backups & restore

Encrypted daily backups retained up to 60 days, with a documented restore procedure that we test on a recurring schedule.

Environment separation

Production, staging, and development environments are fully isolated. Production data is never used for non-production purposes.

24/7 monitoring

Automated monitoring and alerting via Sentry, scheduled-job check-ins, and uptime monitoring on our public status page.

Export & deletion

Self-service HTML export at any time, including after termination. Customer-initiated account deletion is honored within 30 days.

Compliance & certifications

Where we are today — no hand-waving.

We're a small, profitable company. We follow the controls under frameworks like SOC 2 and ISO 27001 and track toward formal certification as we grow — and we tell you honestly what's done, what's in progress, and what isn't in scope.

Compliant
  • GDPR: Public sub-processor list, data-subject requests honored, EU data hosted in the EU. DPA signed for Enterprise customers.
  • CCPA: California residents' rights are honored under our Privacy Policy.
Available on request
  • CSA CAIQ v4.0.3: Self-assessment available to customers and prospects on request.
  • Data Processing Agreement (Enterprise plan): Standard GDPR DPA. Signed only for customers on the Enterprise plan.
In progress
  • SOC 2: Not yet certified. We follow the underlying controls and are tracking toward formal certification.
  • ISO 27001: Not yet certified. Controls implemented and policies maintained per the standard.
Not in scope
  • HIPAA: Perfect Wiki is not designed for Protected Health Information.
  • PCI DSS: We do not store, process, or transmit payment card data — billing is handled by FastSpring and Paddle.
  • FedRAMP: We are not designed for U.S. federal workloads.

Sub-processors

The full list of who touches your data — and why.

Each sub-processor below is bound by a contract requiring confidentiality and appropriate security measures, including a GDPR-compliant DPA where applicable. Enterprise plan customers under a signed DPA are notified at least 30 days before a new sub-processor begins processing personal data.

Infrastructure
  • Google Cloud Platform: Primary hosting — database, storage, compute (US · Ireland · Germany)
  • Cloudflare: CDN, DDoS protection, TLS termination at the edge (Global)
AI & search
  • Azure OpenAI: LLM and embeddings for AI search and Q&A — your data is not used to train models (US)
  • Algolia: Full-text search indexing of wiki content (US / EU)
  • Qdrant: Vector database for semantic search (EU)
Communications
  • Postmark (Wildbit): Transactional email — sign-in codes, notifications (US)
  • SendPulse: Email delivery (EU / US)
Operations
  • Sentry: Error monitoring and application performance (US)
  • PostHog: Product analytics (pseudonymous usage events) (US / EU)
  • Bitbucket: Source code hosting and dependency scanning (US)
Billing
  • FastSpring: Subscription billing and payment processing (US)
  • Paddle: Subscription billing and payment processing (US / EU)

Read the full sub-processor list: Includes contact info, integration-specific processors, and update history.

Policies

Written down, reviewed annually, approved by leadership.

Every policy below is reviewed and re-approved at least annually by the CEO/CTO. We share the full text with prospects under NDA during procurement.

  • 01 Information Security Policy
  • 02 Access Control & Identity Management
  • 03 Cryptography & Key Management
  • 04 Data Classification, Retention & Deletion
  • 05 Incident Response Plan
  • 06 Business Continuity & Disaster Recovery
  • 07 Change & Configuration Management
  • 08 Vulnerability & Patch Management
  • 09 Vendor & Sub-processor Management
  • 10 Risk Management
  • 11 Human Resources Security
  • 12 Secure SDLC
  • 13 Asset Management
  • 14 Logging & Monitoring
  • 15 Acceptable Use

Contact

Have a security question we didn't answer here?

Email us at hello@perfectwiki.com for security questionnaires, DPAs, sub-processor questions, or anything else your team needs to clear procurement. We respond within one business day.
