COMPLIANCE & SECURITY

Trust is engineering, not marketing

Trust is not a marketing claim. It is a set of engineering decisions and policy commitments, verified and auditable.

Standards supported

Pallas scans against and reports on the following accessibility standards:

  • WCAG 2.2 Level A
  • WCAG 2.2 Level AA
  • WCAG 2.2 Level AAA
  • Section 508
  • EN 301 549

Configure which standard profile applies to each scan. Results are mapped to specific success criteria with severity ratings and remediation guidance.

Privacy architecture

Pallas is designed to minimize data exposure at every layer.

Source file handling

Uploaded documents are analyzed and discarded by default. Scan results are retained — source files are not. Configurable retention policies let your organization set its own rules.

Data minimization

Pallas stores only what's necessary for the remediation workflow: findings, metadata, status history, and audit entries. No unnecessary data collection.

No third-party data sharing

Your scan results, findings, and documents are not shared with third parties. No analytics trackers on your data. No model training on your content.

Configurable retention

Set retention policies for scan results, findings, and uploaded files. Meet your organization's data governance requirements with built-in controls.

Security

OAuth-only authentication

No passwords are ever stored. Authentication is handled through Google and Microsoft OAuth providers via Supabase Auth.

Row-level security

Every database query is scoped to the authenticated user's organization. RLS policies ensure data isolation at the database layer.
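The organization scoping described above, as an added example of a PostgreSQL row-level security policy (not Pallas's own schema or code): it assumes Supabase's `auth.uid()` returns the authenticated user's id, a hypothetical `memberships` table records which organization each user belongs to, and the `findings` table carries an `org_id` column.

```sql
-- Constructed schema for the example: one row per user/organization membership,
-- and a findings table whose rows are owned by an organization.
CREATE TABLE memberships (
  user_id uuid NOT NULL,
  org_id  uuid NOT NULL,
  PRIMARY KEY (user_id, org_id)
);

CREATE TABLE findings (
  id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  org_id    uuid NOT NULL,
  criterion text NOT NULL,   -- e.g. a WCAG success criterion id
  severity  text NOT NULL,
  status    text NOT NULL DEFAULT 'open'
);

-- Turn RLS on. FORCE applies the policies to the table owner as well, so an
-- application role that happens to own the table cannot bypass them.
ALTER TABLE findings ENABLE ROW LEVEL SECURITY;
ALTER TABLE findings FORCE ROW LEVEL SECURITY;

-- Helper returning the organizations the caller belongs to. SECURITY DEFINER
-- runs it with the function owner's privileges, so the membership lookup works
-- even when the calling role cannot read memberships directly. STABLE lets the
-- planner evaluate it once per statement rather than once per row.
CREATE FUNCTION my_org_ids() RETURNS SETOF uuid
LANGUAGE sql SECURITY DEFINER STABLE AS $$
  SELECT org_id FROM memberships WHERE user_id = auth.uid()
$$;

-- One policy for SELECT, INSERT, UPDATE and DELETE. USING filters the rows the
-- caller can see or modify; WITH CHECK rejects writes that would create a row
-- in, or move a row into, an organization the caller is not a member of.
CREATE POLICY findings_org_isolation ON findings
  FOR ALL TO authenticated
  USING (org_id IN (SELECT my_org_ids()))
  WITH CHECK (org_id IN (SELECT my_org_ids()));

-- Sanity check, run as the application role: every row returned must belong to
-- one of the caller's organizations, so this query should return zero.
SELECT count(*) FROM findings
WHERE org_id NOT IN (SELECT my_org_ids());
```

Superusers and roles with BYPASSRLS are not subject to these policies, and in Supabase the service-role key bypasses RLS entirely, so it must stay server-side. Policies only protect tables they are defined on; every table holding organization data needs its own.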

Encryption

Data is encrypted at rest and in transit. TLS for all connections. Database-level encryption via Supabase's managed PostgreSQL infrastructure.

Minimal attack surface

Static marketing site. Server-side rendered app. No unnecessary JavaScript. No client-side data processing of sensitive content.

Audit trail

Every action in Pallas is logged: who changed what, when, and why. The audit trail is immutable, timestamped, and exportable. Your compliance record is always current, always complete.

  • Finding status changes with user, timestamp, and previous value
  • Assignment changes and role transitions
  • Exception creation, approval, and review
  • Scan initiation and completion
  • Report generation and export events
  • User and organization management actions
