Built for the security requirements of enterprise, healthcare, and education organizations — with the controls, transparency, and compliance documentation your team needs.
PD World is hosted on AWS and Supabase — providing the reliability, performance, and security posture required by enterprise buyers.
Hosted on AWS and Supabase — proven, enterprise-scale infrastructure with 99.9% uptime SLA and global availability.
All data is encrypted at rest using AES-256. Database backups and file storage are encrypted by default.
All communications are protected with TLS 1.3. HSTS enforced across all endpoints.
Our controls, monitoring, and audit practices align with SOC 2 Type II requirements. Reports available on request.
Enterprise-grade authentication controls including SSO, MFA, and configurable session policies to meet your security standards.
Integrate with your existing identity provider — Okta, Azure AD, Google Workspace, and more.
TOTP-based MFA enforced at the organization level. Admins can require MFA for all members.
Configurable session timeouts, concurrent session limits, and automatic logout on inactivity.
Brute-force protection with configurable lockout thresholds. Minimum password complexity requirements enforced.
We meet GDPR obligations as both a data controller and processor. Choose where your data lives — US or EU — and request a signed DPA at any time.
We meet GDPR obligations as both a data controller and data processor. DPA available on request.
Choose US or EU data residency for your organization. Data stays in your selected region.
Users can request account deletion at any time. Data is purged within 30 days per our retention policy.
We provide a signed Data Processing Agreement for organizations that require one. Contact sales to request.
Row-level security enforced at the database layer — not the application layer — means cross-tenant data access is architecturally prevented.
Every database query is scoped to the authenticated user and organization. Cross-tenant data access is architecturally impossible.
Granular roles — Admin, Manager, Member, Viewer — with configurable permission sets per role.
All administrative actions, data exports, and permission changes are logged with timestamps and actor identity.
API keys can be scoped to specific resources and operations. Keys can be revoked individually.
Whether your organization is in education, healthcare, or another regulated sector, PD World has the compliance controls your team requires.
Controls and data handling practices meet FERPA requirements for education organizations managing learner records.
Healthcare organizations on the Enterprise plan can execute a Business Associate Agreement (BAA) with PD World.
On-demand compliance reports, full audit trails, and unrestricted data export — everything your security and legal teams need for reviews and submissions.
Generate on-demand compliance reports covering user access, activity history, and data processing.
Full audit trail export available for security reviews, regulatory submissions, and internal compliance audits.
Export your organization's data at any time in machine-readable formats (JSON, CSV). No lock-in.
Security reviews, pen test results, compliance documentation, DPA requests — reach out and we'll respond within one business day.