PRAVUNE
Submit a Request
Security

Security at Pravune

Pravune aims to build and operate business software, integrations, automation, and AI-enhanced tools with practical security, data protection, and operational resilience in mind.

Last updated: 12 May 2026

1. Overview

Security is an important part of how Pravune designs and delivers services. Our work may involve business processes, operational workflows, integrations, reporting, customer systems, and personal data depending on the service being provided.

This page summarises Pravune’s current approach to security. It is intended to provide transparency for customers, partners, suppliers, and security researchers.

Organisation
Pravune Ltd
Security contact
security@pravune.com
General contact
hello@pravune.com

2. Security approach

Pravune follows a practical, risk-based approach to security. We aim to apply safeguards that are appropriate to the nature of the service, the type of data involved, the customer environment, and the risks that need to be managed.

UK data protection guidance expects organisations to use appropriate technical and organisational measures when processing personal data. Pravune’s security approach is designed around that principle.

Access control

Where Pravune manages access, we apply role-based access, least-privilege principles, and appropriate authentication controls for systems and customer environments.

Data protection

We use reasonable safeguards to protect data against unauthorised access, loss, misuse, alteration, or disclosure.

Secure development

We build software using secure development practices, code review, dependency awareness, and sensible release controls appropriate to the service.

Monitoring and logging

Where appropriate, systems may include logs, audit trails, diagnostics, and monitoring to support security, troubleshooting, and accountability.

3. Security practices

Depending on the service, project, and deployment model, Pravune may apply the following practices:

  • Use access controls appropriate to the system, service, and customer environment.
  • Limit access to systems and information to authorised users with a genuine business need.
  • Use secure configuration and maintenance practices where systems are managed by Pravune.
  • Protect accounts using suitable authentication controls.
  • Use backups, recovery planning, and operational safeguards where relevant to the service.
  • Review suppliers, tools, and third-party services where they are involved in service delivery.
  • Investigate suspected security issues and take appropriate action where required.

4. Customer data

Pravune only accesses, processes, or retains customer data where needed to provide services, support systems, deliver projects, investigate issues, meet legal obligations, or maintain appropriate business records.

Where Pravune processes personal data on behalf of a customer, the relationship may be governed by a Data Processing Agreement or equivalent contractual terms.

View Data Processing Agreement

5. Third-party services and suppliers

Pravune may use third-party providers for hosting, email, software development, analytics, diagnostics, security, communications, infrastructure, or service delivery.

Pravune may also operate self-hosted analytics and monitoring systems to understand website usage, operational health, diagnostics, and service performance.

Where third-party providers are used, we aim to select appropriate providers and take reasonable steps to ensure they support the security, reliability, and data protection requirements of the service being delivered.

6. Security incidents

If Pravune becomes aware of a suspected or confirmed security incident affecting systems, services, or customer data, we will investigate and take appropriate action based on the nature and severity of the issue.

Where required, this may include containment, remediation, customer communication, supplier coordination, legal review, or notification to relevant authorities.

7. Certification status

Pravune is not currently ISO 27001 certified, SOC 2 audited, Cyber Essentials certified, or certified under an equivalent formal security assurance framework.

We are building towards mature security and governance practices over time, including improved policy management, risk review, supplier oversight, access review, incident response, and future formal assurance where appropriate. Any future certification, audit, penetration testing summary, or formal security assurance status will be published clearly in the Trust Centre when available.

  • Pravune is not currently ISO 27001 certified.
  • Pravune has not completed a SOC 2 audit.
  • This page is not a security certification, audit report, or warranty.
  • Security measures may vary depending on the specific service, customer environment, hosting model, and project scope.

8. Responsible disclosure

If you believe you have discovered a security vulnerability affecting Pravune, please report it responsibly so we can investigate and respond.

Do not attempt to access, modify, delete, download, or disclose data that does not belong to you. Do not disrupt services, perform destructive testing, or use social engineering.

View Responsible Disclosure Policy

9. Contact us

For security questions, concerns, or vulnerability reports, contact security@pravune.com.

For general enquiries, contact hello@pravune.com.