data protection

World-class security infrastructure

Our security approach focuses on security governance, risk management and compliance. This includes encryption at rest and in transit, network security and server hardening, system monitoring, logging and alerting, and more.

Penny Hyperscale cloud is architected to be resilient against disruptions with redundant infrastructure, processes and automated incident response.


Enterprise level security is provided with multiple authentication methods from OpenID with OAUTH2, to Corporate SSO to legacy system protocols.


A centralized platform built to scale from a hundred to hundreds of thousands of consultants, high volume of customer orders and worldwide reach.


Penny Enterprise platform is built to the highest security standards. Penny and its data are completely isolated and receive rapidly deployed security updates without customer interaction or service interruption.

Penny Hyperscale cloud – world-class architecture leveraging simultaneously active and redundant systems that allow the
overall system to survive outages and remain operational.

Platform Security – holistic security approach is built into Penny operations, encompassing hardware and infrastructure, systems, applications, transmission and storage.

Robust API – highly secure, flexible and robust API enables Penny to connect to any of your existing and future back-office systems.

Security best practices

  1. Secure and reliable infrastructure. Penny uses Amazon Web Services (AWS) for the hosting and production environments. AWS centers are monitored by 24×7 security, biometric scanning, video surveillance and are fully SOC certified.
  2. Separation of machines housing critical data from machines running front end applications
  3. Strict access controls to each data piece defined by both Penny and the client
  4. An audit system which records each transaction built into the core of the product
  5. Physical restriction to machines is only allowed by authorized vendor, not even Penny employees can physically access them

Technical Architecture

How does Penny connect and integrate with my environment?

Penny Technical Architecture

Data Privacy

Data ownership – Your data belongs 100% to you. Access to customer data is limited to authorized employees.

Data usage – We only use customer and consultant data to provide our service.

Data Encryption – Penny encrypts data at rest and data in transit between devices and networks for all of our customers. Data is encrypted at rest using industry standard AES-256 encryption algorithm

Privacy Policy

Development policy

The Penny development team uses a standardized process to ensure changes are made securely and reliably, with a focus on quality.

  1. All changes begin with a pull request from a local development branch to a QA environment.
  2. A code review is done by a senior developer before any changes are merged into a QA environment.
  3. All changes are tested in QA, and another run of testing in UAT.
  4. After rigorous UAT testing, code is pushed from UAT to production. All code migrations occur across SSL.
  5. Code deployment keeps all software up to date with the latest security patches.

Compliance standards

We are taking every step to ensure our people, processes and technology are compliant with any laws, rules, regulations and standards. For any questions about information and data security, please contact


Penny is committed to helping users understand their rights and obligations under the General Data Protection Regulation (GDPR) and ensures compliance with GDPR requirements.


We operate in accordance with data protection policies that are based on privacy principles that underlie the California Privacy Act (CCPA).

Penny Enterprise

a Demo

Discover how to turn a data-driven, sales enablement platform into your competitive advantage.
Schedule A Demo2
Schedule a Demo
Schedule A Demo2