Security

Built as governance infrastructure, because it is one.

Pong exists because AI governance became a board-level problem. Here is — concretely and honestly — how the platform handles your data, and where we are today.

Data custody

Your memory lives in a governed store you control. Organization, department, and user memory is your data: exportable in full, with provenance, and deletable on your terms. Pong operates the platform; it does not own what your company knows.

On the enterprise tier, the separation is physical: the data plane — the gateway and the memory store — runs inside your own VPC. Prompts, memories, and audit events never transit infrastructure you don’t control, while Pong operates the control plane.

Zero Data Retention mechanics

ZDR at Pong is enforced at route time, not asserted in a policy document. Three mechanisms make it real:

  • Route-time endpoint verificationa ZDR-required request is only dispatched to an endpoint verified as Zero Data Retention; ineligible providers are eliminated before routing ever considers them.
  • Per-request attestation recordseach request carries a record of the retention terms in force at the moment it ran, so compliance is evidenced per request, not inferred from a contract PDF.
  • ZDR-safe fallbackfallback chains for ZDR-restricted traffic contain only other verified ZDR endpoints. A provider outage cannot silently route restricted data to a retaining endpoint.

Tenant isolation

Tenant isolation is enforced with PostgreSQL row-level security — at the database, not just in the application. Every query runs under a tenant-scoped database context, and the database itself refuses to return rows outside that tenant.

The practical consequence: an application-layer bug cannot read across tenants, because the isolation boundary sits below the application.

Append-only audit

The audit log is an append-only system of record, with immutability enforced by database triggers: updates and deletes on audit events are rejected at the database layer, by anyone, including us.

Every AI interaction writes one event — the model used, the policies that fired, the retention terms attested at that moment, tokens, and cost. That is the trail auditors and regulators ask for, captured at the only moment it can be captured honestly: when the request runs.

Encryption

All traffic is encrypted in transit with TLS and terminates behind a global load balancer with Cloud Armor. Data is encrypted at rest with Google Cloud–managed encryption, and the PostgreSQL store runs regional-HA with point-in-time recovery.

Where we are today

Pong is in early access. SOC 2 Type I is in progress. We don’t claim certifications we don’t have — ask us for our current security posture and compliance roadmap, and we’ll give you a straight answer.