Security Overview
This section describes the architecture decisions, data handling practices, and infrastructure properties that shape how Percus protects client data and controls access to the platform.
The goal is to give clients and integrators a clear picture of what Percus does, and what it does not do, so that security and compliance teams can evaluate the platform with accurate information.
Design principles
Minimize data exposure. Percus does not store customer PII on its servers. Personalization data is handled client-side in the viewer's browser and is never transmitted to or persisted by Percus infrastructure.
Isolate concerns. The platform is split into independent services, each with a narrow responsibility and its own data store. Compromise of one service does not grant access to another.
Delegate to managed infrastructure. By running on AWS managed services (Lambda, Aurora Serverless, S3, CloudFront), Percus inherits AWS's physical security, network controls, and patching for the underlying infrastructure layers.
Enforce access at the API boundary. Authorization is applied consistently at the API layer, not left to individual components or the frontend.
What this section covers
| Page | What it answers |
|---|---|
| Authentication | How users log in and how sessions are managed |
| Access Control | How roles and organization isolation are enforced |
| Data Handling | What data Percus stores and how PII is kept in the browser |
| API Security | How API credentials work and how inter-component communication is secured |
| Infrastructure | AWS services, secrets management, logging, backups, and vulnerability scanning |
| Compliance | Regulatory applicability and compliance roadmap |
| Responsible Disclosure | How to report a security vulnerability |