// Trust & Security Report

    Pecan AI Ltd. logo

    Pecan AI Ltd.

    Pecan AI is a SaaS predictive AI analytics platform that automates machine learning workflows for business teams. Core product includes churn prediction, customer lifetime value modeling, lead scoring, demand forecasting, upsell/cross-sell identification, customer winback, fraud prevention, and campaign ROAS prediction.

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    Pecan is certified under ISO 27001, a globally recognized standard for managing Information Security Management Systems.

    Verify on pecan.ai
    SOC 2 Type II
    HELD

    undergoes annual independent assessment covering security, availability, processing integrity, confidentiality, and privacy

    Verify on pecan.ai
    GDPR
    HELD

    GDPR ready; data residency under European Commission's Adequacy Decision regarding Israel; external transfers protected via contractual commitments

    Verify on pecan.ai
    > Show 4 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    no public evidence of HIPAA compliance or certification

    source: pecan.ai
    PCI DSS
    NOT CONFIRMED

    no public evidence of PCI DSS compliance

    source: pecan.ai
    ISO 27017/27018 (Cloud-specific)
    NOT CONFIRMED

    no public evidence

    source: pecan.ai
    ISO 27701 (Privacy Extension)
    NOT CONFIRMED

    no public evidence

    source: pecan.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    AWS primary infrastructure; not explicitly locked to US or EU region. Supports Israel data residency under EU Commission Adequacy Decision.

    Explicit policy: customer data is not used for any purpose other than generating predictions for that specific customer. Data is not copied, transmitted, or used for model training. Customers control which fields/entities are imported.

    // Security controls

    Encryption at Rest

    Amazon S3 Server Side Encryption (S3-SSE)

    pecan.ai

    Encryption in Transit

    Signed and encrypted access tokens; TLS for network communications

    pecan.ai

    Network Security

    Secure 2FA-enabled VPN with active firewall protection

    pecan.ai

    Authentication

    Minimum 8-character passwords with numbers and symbols; account lockout after 10 failed sign-in attempts

    pecan.ai

    Access Control

    Restricted to authorized IT, DBA, DevOps personnel, and customer success managers on need-to-know basis

    pecan.ai

    Penetration Testing

    Periodic penetration testing conducted

    pecan.ai

    Monitoring & Detection

    Comprehensive monitoring and SIEM controls for suspicious activity detection

    pecan.ai

    Data Deletion

    All data destroyed upon deletion of prediction jobs or schedules

    pecan.ai

    SDLC

    Follows OWASP Secure Software Development Life Cycle best practices

    pecan.ai

    // Products & data scope

    Pecan AI Platform (SaaS)Predictive Analytics / AI

    data: Customer business data (no PII required); raw or prepared data for predictions

    Primary offering; cloud-hosted; multi-tenant infrastructure on AWS; supports integration with CRM, data warehouse, and BI tools; data not trained on or used beyond prediction generation

    // What to watch

    • Data Processing Agreement (DPA) not publicly published; customers must contact support to obtain it
    • Data residency is AWS without explicit region lock (not guaranteed to be EU/US specific)
    • No HIPAA certification; product not suitable for regulated healthcare use cases without additional contractual safeguards
    • No PCI DSS compliance; may not be suitable for payment card processing scenarios
    • No dedicated trust center or security overview page (information scattered across /platform/data-security/ and /privacy/)

    // At a glance

    Pricing model

    SaaS subscription (pricing not publicly detailed; contact for demo)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Pecan AI Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    pecan.ai

    > Browse all vendor trust reports