perathos

// trust center

Trust information for early enterprise reviews.

This page answers security and procurement questions directly. Every statement is either a current public control, a limitation, or a planned item.

pt-br

Informacoes de confianca para revisoes enterprise iniciais.

Esta pagina responde perguntas de seguranca e compras de forma direta. Cada afirmacao e um controle publico atual, uma limitacao ou um item planejado.

Security contact path

Current

Security inquiries can be submitted through the site contact flow. A dedicated security mailbox is planned once it is operationally configured.

Canal de contato de seguranca

Solicitacoes de seguranca podem ser enviadas pelo fluxo de contato do site. Um email dedicado de seguranca esta planejado quando estiver operacionalmente configurado.

Open / Abrir

No false certifications

Current

Perathos does not claim SOC 1, SOC 2, ISO 27001, HIPAA, or FedRAMP certification without a completed audit or formal program.

Sem certificacoes falsas

A Perathos nao declara SOC 1, SOC 2, ISO 27001, HIPAA ou FedRAMP sem auditoria concluida ou programa formal aplicavel.

Open / Abrir

Security questionnaire

Current

A ready-to-paste questionnaire helper is available with direct answers, limitations, and planned controls.

Questionario de seguranca

Um auxiliar de questionario esta disponivel com respostas diretas, limitacoes e controles planejados.

Open / Abrir

Responsible AI policy

Current

The public policy explains how AI should be used in development and operations without exposing secrets or customer data.

Politica de IA responsavel

A politica publica explica como IA deve ser usada em desenvolvimento e operacoes sem expor segredos ou dados de clientes.

Open / Abrir

Incident response summary

Current

A lightweight incident response framework is published with triage, containment, recovery, and customer communication expectations.

Resumo de resposta a incidentes

Um framework leve de resposta a incidentes esta publicado com triagem, contencao, recuperacao e expectativas de comunicacao com clientes.

Open / Abrir

Security packet

Current

A lightweight security packet is available as a page section and generated markdown download for procurement review.

Pacote de seguranca

Um pacote leve de seguranca esta disponivel em pagina e em markdown gerado para revisao de compras.

Open / Abrir

trust center sections

What we can explain today

Security overview

Perathos publishes a lean trust surface for procurement review. We avoid certification claims that are not backed by a completed audit.

Visao geral de seguranca

A Perathos publica uma superficie objetiva de confianca para compras. Evitamos declarar certificacoes sem auditoria concluida.

Access control

Least privilege is the expected operating model. Product-specific workspace controls should be demonstrated from the live environment before being used as evidence.

Controle de acesso

Menor privilegio e o modelo esperado. Controles especificos de workspace devem ser demonstrados no ambiente ativo antes de virarem evidencia.

Secrets and authentication

Secrets should not be stored in source code or shared in chat/docs. Write-only secret handling and API key expiration are not claimed here unless shown in the customer environment.

Segredos e autenticacao

Segredos nao devem ficar em codigo-fonte nem em chat/docs. Secrets write-only e expiracao de chaves API nao sao declarados aqui sem demonstracao no ambiente do cliente.

Logging and auditability

Run history, logs, timestamps, metrics, and errors are treated as required evidence areas. They should be shown from the deployment in scope.

Logs e auditabilidade

Historico de execucoes, logs, timestamps, metricas e erros sao areas de evidencia exigidas. Devem ser mostradas no deployment em escopo.

Data protection

Customer data handling is defined by data type, deployment scope, retention needs, and contract terms. Column anonymization is only represented as current when demonstrated.

Protecao de dados

Tratamento de dados de clientes depende do tipo de dado, escopo do deployment, retencao e contrato. Anonimizacao de colunas so e atual quando demonstrada.

Responsible AI

Customer data should not be used for model training unless explicitly agreed in writing and technically supported in the deployment.

IA responsavel

Dados de clientes nao devem ser usados para treinar modelos sem acordo explicito por escrito e suporte tecnico no deployment.

Incident response

The incident process is intentionally small: identify, contain, investigate, recover, communicate, and document corrective action.

Resposta a incidentes

O processo de incidente e pequeno de proposito: identificar, conter, investigar, recuperar, comunicar e documentar correcao.

Subprocessors

Subprocessors are listed by function when confirmed. Provider-specific claims are not made unless the stack is verified.

Suboperadores

Suboperadores sao listados por funcao quando confirmados. Nao declaramos provedores especificos sem verificar a stack.

not claimed as current / nao declarado como atual

Controls that require live product evidence

The public files in this checkout do not prove the following controls are live. We do not present them as current controls here.

API keys with expiration dates
write-only secrets after creation
workspace user removal
runs history with logs, timestamps, metrics, and errors
column anonymization
manual job execution
alerts
independently configured jobs
API/orchestration controls

security packet

Lightweight procurement packet

  • Company overview
  • Architecture summary
  • Data flow diagram
  • Access control model
  • Logging model
  • Retention model
  • Incident response summary
  • Security contact
  • Procurement FAQ
Download markdownAudit readiness

future compliance roadmap

Formal audit readiness

Planned

Perathos is a startup and is building toward formal audit readiness. Certification will only be claimed after an audit is complete.

Preparacao para auditoria formal

A Perathos e uma startup e esta construindo preparacao para auditoria formal. Certificacao so sera declarada apos auditoria concluida.

Managed services and inherited controls

Planned

Where managed services are used, Perathos will document which controls are inherited from providers and which remain operated by Perathos.

Servicos gerenciados e controles herdados

Quando servicos gerenciados forem usados, a Perathos documentara quais controles sao herdados de provedores e quais continuam operados pela Perathos.

Narrow scope first

Current

Enterprise pilots should use least privilege, narrow data scope, limited users, and clear retention boundaries before production expansion.

Escopo restrito primeiro

Pilotos enterprise devem usar menor privilegio, escopo restrito de dados, usuarios limitados e retencao clara antes de expansao para producao.

procurement faq

Answers buyers usually ask first

Are you SOC 1 or SOC 2 certified?

No. Perathos does not currently claim SOC 1 or SOC 2 certification. We are building a control roadmap and will pursue formal audit readiness as customer scale and audit scope justify it.

Voces possuem SOC 1 ou SOC 2?

Nao. A Perathos nao declara atualmente certificacao SOC 1 ou SOC 2. Estamos construindo um roadmap de controles e buscaremos preparacao formal para auditoria conforme escala de clientes e escopo justificarem.

What is your retention policy?

Retention should be defined by data type, customer agreement, and operational need. Perathos should avoid retaining customer content longer than needed for service delivery, support, security, or legal obligations.

Qual e a politica de retencao?

Retencao deve ser definida por tipo de dado, acordo com cliente e necessidade operacional. A Perathos deve evitar reter conteudo de cliente alem do necessario para prestacao do servico, suporte, seguranca ou obrigacoes legais.

Do you support customer isolation?

Customer isolation should be implemented through tenant scoping and least-privilege access. Dedicated or stronger isolation patterns can be planned for enterprise deployments when required.

Voces suportam isolamento de clientes?

Isolamento de clientes deve ser implementado por escopo de tenant e menor privilegio. Padroes dedicados ou mais fortes podem ser planejados para deployments enterprise quando necessario.

Do you train AI models on customer data?

Perathos should not train models on customer data unless explicitly agreed in writing. If model training or vendor improvement is not technically disabled in a specific environment, that limitation must be disclosed before production use.

Voces treinam modelos de IA com dados de clientes?

A Perathos nao deve treinar modelos com dados de clientes sem acordo explicito por escrito. Se treinamento ou melhoria por fornecedor nao estiver tecnicamente desabilitado em um ambiente especifico, essa limitacao deve ser divulgada antes de uso em producao.

support and security contact

Use the contact form until a dedicated security mailbox is configured.

We do not publish a security email address or response SLA here because this repository does not confirm that either is operational.

Contact security