Security & Privacy

Security and privacy at PackGuru

Security is built into everything we do. Our customers rely on PackGuru to enhance operational reliability, and that starts with protecting their data at every step.

Governance

PackGuru's Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

01 Least Privilege Access

Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02 Defense in Depth

Security controls should be implemented and layered according to the principle of defense-in-depth.

03 Consistent Controls

Security controls should be applied consistently across all areas of the enterprise.

04 Continuous Improvement

The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security and Compliance at PackGuru

PackGuru maintains SOC 2 compliance. Our SOC 2 report is available upon request.

SOC 2
ISO 27001
GDPR
CCPA

Data Protection

Data at Rest

All datastores with customer data, in addition to cloud storage buckets, are encrypted at rest. Additionally, sensitive data is protected with field-level encryption.

This means the data is encrypted before it reaches the database, so that neither physical nor logical access to the database is enough to read the most sensitive information.

Data in Transit

PackGuru uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit.

Server TLS keys and certificates are managed by cloud providers and deployed via Application Load Balancers.

Secret Management

Encryption keys are managed through a dedicated Cloud Key Management Service (KMS) integrated with HSM-backed key storage, ensuring that key material cannot be accessed by any individuals, including cloud provider personnel or PackGuru staff. Access to keys is strictly controlled through role-based access policies and fully audited.

Application secrets such as tokens, credentials, and API keys are stored in a secure Cloud Secret Management service, where they are encrypted at rest using KMS-managed keys. Access to secrets is governed by fine-grained permissions, versioning, and full audit logging to ensure proper traceability and adherence to least-privilege principles.

Product Security

Penetration Testing

PackGuru maintains a penetration testing program supported by independent security specialists who assess our application and cloud infrastructure on a recurring basis. These assessments help validate the effectiveness of our controls and guide continuous improvements across our security posture.

Vulnerability Scanning

PackGuru employs a multi-layered vulnerability management approach integrated into our secure development and deployment processes. This includes:

  • automated analysis of source code and dependencies,
  • continuous monitoring for known vulnerabilities in third-party components,
  • security scanning of running applications and infrastructure,
  • periodic reviews of our external attack surface.

These practices ensure timely identification and remediation of potential risks across the PackGuru platform.

Enterprise Security

Endpoint Protection

PackGuru implements centralized management and security controls across corporate devices to help ensure a secure operating environment. Our endpoint protection measures include managed device configurations, malware protection, encrypted storage, and monitoring for security-related events. We use device management tools to help enforce security baselines such as screen lock, disk encryption, and regular software updates.

Vendor Security

PackGuru uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:

  • Access to customer and corporate data
  • Integration with production environments
  • Potential damage to the PackGuru brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor.

Security Education

PackGuru provides comprehensive security training to all employees upon onboarding and annually through educational modules within PackGuru's own platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.

PackGuru's security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Identity and Access Management

PackGuru uses modern identity and access management practices to protect access to our systems and data. Strong authentication methods are required across our environment, and access is granted based on role and business need. Access requests follow defined approval workflows, and access is removed promptly when no longer required.

Data Privacy

At PackGuru, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive data.

Regulatory Compliance

PackGuru evaluates updates to regulatory and emerging frameworks continuously to evolve our program.

Privacy Policy

PackGuru's Privacy Policy, DPA, and ISA documentation are available upon request.

Data Processing

We maintain active compliance with global data protection regulations including GDPR and CCPA. View our Data Processing Addendum (DPA).
