PVL handles court filings, trustee ledgers, and portfolio tapes containing PII and sensitive financial data. Our security infrastructure is built to meet the standards institutional buyers expect.
Every layer of PVL's infrastructure is designed to protect the bankruptcy data, PII, and portfolio analytics that flow through our platform.
All data encrypted with AES-256 at rest and TLS 1.3 in transit. Portfolio tapes and trustee ledgers never exist in plaintext outside of active processing.
Role-based access with least-privilege defaults. Every data request is authenticated, authorized, and logged. No shared credentials, no ambient access.
Every file upload, valuation run, and data export is logged with timestamp, user identity, and action type. Your compliance team can audit any interaction.
From the moment a tape is uploaded to the final deliverable, every step follows strict data handling protocols.
Portfolio tapes are uploaded via encrypted channels and processed in isolated compute environments. Files are validated on receipt, and malformed or unexpected data formats are rejected before processing begins.
All stored data — including trustee ledgers, valuation outputs, and client configurations — is encrypted at rest using AES-256. Each client's data is logically isolated with tenant-scoped encryption keys.
Valuation packages are delivered through authenticated, encrypted channels. Clients control their own retention policies, and all data can be permanently purged on request.
PVL operates at the intersection of bankruptcy data and financial analytics. We align our practices with the frameworks that matter to institutional buyers.
Our controls are designed around the SOC 2 Trust Service Criteria — security, availability, and confidentiality. We maintain documentation and evidence ready for auditor review.
We handle consumer financial data in accordance with Gramm-Leach-Bliley Act safeguard requirements, including administrative, technical, and physical safeguards for nonpublic personal information.
Court filings and trustee data accessed through authorized channels. We maintain strict controls on PII handling, including debtor names, case numbers, and financial details within Chapter 13 records.
Documented incident response plan with defined escalation paths. Clients are notified within 72 hours of any confirmed data incident, with full root-cause analysis and remediation timeline provided.
All traffic routed through WAF-protected endpoints. Internal services communicate over private networks with mutual TLS. No public-facing database endpoints.
Multi-factor authentication required for all platform access. Session tokens are short-lived and scoped to specific permissions. SSO integration available for enterprise clients.
Continuous monitoring of access patterns, API usage, and system health. Anomalous activity triggers automated alerts. Security logs retained for a minimum of 12 months.