Permit.io is built with security by design, every turn and point where security measures can be implemented they are. A significant portion of the security architecture is provided through the OPAL architecture
- All connections are SSL encrypted (HTTPS and SSH for Git)
- All PDP connections are outgoing, i.e. the PDP is the initiator of all the connections both to the Permit cloud and to any data-source you choose to configure.
- only exception is queries sent to the PDP (e.g. queries from the Permit SDKs)
- By default no data is uploaded to the Permit cloud (all needed can be hosted locally in the PDPs); only meta-data [e.g. user object GUIDs] are uploaded.