// Trust & Security Report

    Parabola Technologies, Inc. logo

    Parabola Technologies, Inc.

    AI agent / workflow automation platform for operations and finance teams (Parabola "Flows" builder plus AI-powered steps); single core product with a self-serve tier and an Enterprise tier (SSO/SAML, dedicated automation-engineer implementation, role-based access). Not to be confused with the unrelated product "Parabol" (parabol.co), a meeting-notes tool.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    "SOC2 Compliant" badge (image labeled "SOC 2 type II badge"); elsewhere on the vendor's own site: "Parabola is SOC 2 compliant" and the Enterprise page lists "SOC 2 Type II" as an included capability.

    Verify on parabola.io
    GDPR (posture / DPA)
    HELD

    "Parabola offers a Data Protection Agreement as a means of meeting the adequacy and security requirements of the European Parliament and Council of the European Union's Data Protection Directive and the General Data Protection Regulation (GDPR)." The DPA itself: "AES 256-bit encryption for Customer Data stored in Parabola's production environment" and commits to a maintained subprocessor list with 14 days' notice of changes.

    Verify on parabola.io
    > Show 7 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence on parabola.io. The security page, security FAQs, shared-data-responsibility page, and privacy policy make no mention of ISO 27001. (A third-party aggregator, nudgesecurity.com, lists Parabola as "ISO 27001 Compliant" but this is not a vendor-domain source and could not be corroborated on parabola.io.)

    source: parabola.io
    HIPAA
    NOT CONFIRMED

    "Customer acknowledges that the Services are not intended to meet any legal obligations for these uses, including HIPAA requirements, and that Parabola is not a Business Associate as defined under HIPAA." Protected health information is explicitly listed as "Prohibited Data."

    source: parabola.io
    PCI DSS
    NOT CONFIRMED

    "All payments made to Parabola go through our payment processing partner, Stripe." Payment-card data is listed as "Prohibited Data" for use within the product itself ("credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (PCI DSS)..."); any PCI compliance is Stripe's, not Parabola's own certification.

    source: parabola.io
    FedRAMP
    NOT CONFIRMED

    No public evidence on parabola.io. Not mentioned on the security page, security FAQs, or legal pages. (Third-party aggregator nudgesecurity.com claims "FedRamp Compliant" but this is unverifiable on the vendor's own domain and is treated as an over-claim risk, not fact.)

    source: parabola.io
    CSA STAR
    NOT CONFIRMED

    No public evidence on parabola.io. (Third-party aggregator nudgesecurity.com claims "CSA Star Level 1 Compliant" but this is not corroborated on the vendor's own domain.)

    source: parabola.io
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of an AI-governance certification on the vendor's own domain.

    source: parabola.io
    CSA STAR AI
    NOT CONFIRMED

    No public evidence of CSA STAR AI on the vendor's own domain.

    source: parabola.io

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    US-hosted (AWS, servers in the United States); EU/Swiss personal data transfers use safeguards such as EU Commission Model Contracts per the privacy policy.

    Vendor documentation states Parabola does not train its own AI models on customer data, and that its third-party LLM providers are used under enterprise agreements: "Parabola maintains enterprise-level agreements with its third-party AI model providers (incl. OpenAI and Anthropic) that include Data Processing Agreements" which "contractually prohibit the providers from using the contents of any data sent through Parabola's AI steps as training data for their models." No opt-out toggle or tier distinction is described in the available documentation; the posture is stated as a blanket contractual guarantee rather than a per-account opt-out control, which is a minor gap in transparency for enterprise buyers who want to self-verify.

    // Security controls

    Encryption in transit

    256-bit encryption; SSL/TLS 1.2+ on API and application endpoints

    parabola.io

    Encryption at rest

    AES-256 for data stored by Parabola, including production Customer Data

    parabola.io

    Hosting

    Runs fully on AWS, servers in the United States, within a segregated VPC with firewalled subnets

    parabola.io

    Password storage

    Never stored in plaintext; SHA-256 hashing derived from PBKDF2 with salts

    parabola.io

    Penetration testing

    Annual independent third-party security assessments and penetration testing

    parabola.io

    Access control (Enterprise tier)

    SSO & SAML, role-based access, usage analytics

    parabola.io

    Data handling in flows

    Data passed through an automation flow is stored in memory and never written to disk; uploaded files are stored in secured Amazon S3 buckets

    parabola.io

    Subprocessors

    Maintains a subprocessor list with 14 days' advance notice of changes to customers under DPA

    parabola.io

    // Products & data scope

    Parabola (self-serve / team plans)AI workflow automation for ops & finance

    data: Connects to and processes customer business data pulled from source systems (e.g. Shopify, NetSuite, ERP/3PL/warehouse systems) to build automated data flows

    Standard SOC 2 Type II, encryption, and DPA protections apply per the vendor's security page; no evidence of tier-gated security controls beyond SSO/SAML and role-based access.

    Parabola EnterpriseAI workflow automation, enterprise tier

    data: Same data scope as self-serve, plus dedicated automation-engineer implementation (8-12 week onboarding) and account-level access controls

    Adds SSO & SAML, role-based access, and usage analytics; enterprise page explicitly restates SOC 2 Type II as an included capability.

    // What to watch

    • A third-party aggregator (nudgesecurity.com) claims Parabola is ISO 27001, HIPAA, PCI, FedRAMP, and CSA STAR compliant. None of these claims could be corroborated on parabola.io's own security, FAQ, DPA, or legal pages, and the vendor's own Terms/OMSA explicitly disclaim HIPAA Business Associate status and treat PCI/PHI data as 'Prohibited Data.' Treat the aggregator's claims as unverified over-claims, not fact, until Parabola's own trust center lists them.
    • Name-collision risk: a different, unrelated company 'Parabol' (parabol.co, a meeting/retro tool) has its own security FAQ page that could be confused with Parabola (parabola.io) in search results. All findings here were sourced strictly from parabola.io.
    • No formal hosted trust-center portal (e.g. Vanta/Drata/SafeBase Trust Center) was found; parabola.io/security is a self-authored security page, not an independently-hosted, continuously-updated trust portal.
    • AI-training no-train guarantee rests on vendor's own statement plus asserted DPAs with OpenAI and Anthropic; no opt-out control or tier distinction is documented for teams wanting to restrict AI steps entirely.

    // At a glance

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Parabola Technologies, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    parabola.io

    > Browse all vendor trust reports