Trust Center
Last updated: May 2, 2026
Compliance posture, sub-processors, data residency, and evidence library for procurement reviews. PortalPilot by NordScope, built and hosted in the EU.
Compliance posture
- GDPR Article 28: in force via our Data Processing Agreement.
- EU Cloud Code of Conduct (Self-Attestation): self-attested
- ISO 27001 (Annex A self-attestation): in force; statement of applicability published.
Standards & frameworks
We maintain self-attestation against publicly published frameworks. Validation by independent third parties is on the Phase 2 roadmap below.
- EU Cloud Code of Conduct (Phase 1 self-attestation; Level 1 declaration deferred to Phase 2).
- ISO 27001:2022 Annex A controls (93 controls authored, self-attestation; SOC 2 Type II readiness review on roadmap).
- GDPR Articles 28, 32, 33: in force.
Data residency
All customer data processed and stored in Hetzner Finland (eu-helsinki1). AI inference runs on Mistral AI in Paris. No US data storage. No US sub-processors. See /sub-processors for the full list.
Data flows & PII
The standard install grants read scopes for diagnostic analysis plus the write scopes the customer-approved cleanup actions require (property creation, validation-rule push, governance fixes). We sample contact, company, deal, and ticket records to compute diagnostic scores; results are stored in our self-hosted Supabase database. We retain analysis results for 12 months from last analysis and delete on request within 30 days.
If your procurement policy requires read-only third-party access, you can install PortalPilot in read-only mode instead. No write scopes are requested. Write-action CTAs render disabled on read-only portals and the backend rejects write calls at the edge function layer. The trade-off: HubSpot has no read-only tickets scope, so ticket diagnostics show an explanatory empty state. You can upgrade to full access later from your portal settings.
Personal data is encrypted at rest (AES-256-GCM) and in transit (TLS 1.2+). Breach notification within 72 hours of becoming aware per GDPR Article 33. Supervisory authority: Office of the Data Protection Ombudsman, Finland.
Sub-processors
We engage sub-processors for hosting, AI inference, and operational tooling. All are bound by data processing agreements equivalent to ours. Changes notified at least 30 days in advance. View canonical list →
Independent testing
- External penetration test: in progress (Q3 2026 target).
- Cyber Essentials Plus certification: in progress (Q3 2026 target).
Evidence library
- Data Processing Agreement (in force)
- Privacy Policy (in force)
- Terms of Service (in force)
- Sub-processors list (in force)
- Security details (in force)
- EU Cloud CoC self-attestation (in force)
- ISO 27001 Annex A statement of applicability (in force)
- ISMS scope statement (in force)
- Risk register (in force; public view)
- Internal Audit Report: 2026 Q2 (in force; ISO 27001 clause 9.2)
- SOC 2 Trust Service Criteria: Equivalence Map (in force; not a SOC 2 attestation)
- CAIQ v4.0.3 pre-fill: PDF · CSV · CSA licenceLast reviewed: 2026-05-20
- NordScope Security FAQ (PDF, in force)
- Law-enforcement transparency report (in force, updated within 30 days of any request)
- Status page (status.portalpilot.io, in force)
- Evidence metadata (evidence.portalpilot.io): [planned]
- MFA AAL2 enforcement posture: [planned]
- Token rotation visibility: in force
Request a security review
Need additional artefacts (SOC 2 Type II readiness statement, custom DPA, scoped pen test summary)? Email security@portalpilot.io and we will respond within 2 business days.