Security by Isolation.
We don't encrypt your data because we never touch it.
PackNative - Parametric Packaging on Your Infrastructure runs entirely within your firewall, inheriting your security posture. No external API calls are made for geometry calculation.
The "No-Phone-Home" Guarantee
Most "Private Cloud" solutions still require a heartbeat connection to the vendor. We don't.
- No outbound traffic required for geometry calculation
- License validation can be performed offline (air-gapped)
- Updates are pulled via Docker, not pushed
- Logs are written to stdout/stderr, never sent to us
Reduced Attack Surface
By eliminating multi-tenancy, we eliminate an entire class of security vulnerabilities.
In a SaaS, a bug in the code could leak Data A to Customer B. In PackNative - Parametric Packaging on Your Infrastructure, your instance only knows your data. There is no Customer B.
You hold the encryption keys. You control the backups. You decide when to patch. We cannot simply be subpoenaed for your data.
The container can run without a default gateway. It accepts pricing inputs and returns geometry outputs. It needs no outside world.
Security Artifacts
| Artifact | Description | Availability |
|---|---|---|
| SBOM (Software Bill of Materials) | Complete inventory of all dependencies and versions used in the Docker image. | Public |
| Penetration Test Report | Annual third-party assessment of the core binary logic. | Enterprise |
| Source Code Access | Read-access to git repository for internal auditing purposes. | Enterprise |
| CVE Scanner Results | Automated Trivy/Grype scan results for the latest container tag. | Public |
Note on SOC2: Because PackNative - Parametric Packaging on Your Infrastructure is self-hosted, we do not provide a SOC2 Type II report for *our* infrastructure, as we do not host your data. Instead, PackNative - Parametric Packaging on Your Infrastructure falls under the scope of *your* internal SOC2 audit.
Common Questions from CISOs
Security First.
Have specific compliance requirements or need a detailed security review?