Resources – Security & Compliance

Enterprise Security,
Fully Documented

Vetted contributors working in controlled environments across the US, Thailand, and India. In-region storage, full audit trails, AES-256 at rest and TLS 1.2+ in transit.

SOC 2

Type II attested

ISO 27001

Certified ISMS

In-region

Data residency + audit logs

Vetted

Background checked workforce

Security & Compliance

Built for Enterprise Diligence

Authentication, encryption, and governance documented to the standard your security team expects. Each control mapped to the framework, the policy, and the proof.

Authentication

MFA + Zero Trust

Enterprise MFA with zero-trust access. Role-based permissions across teams, languages, and projects. Restricted internet, email, and ports on all annotation workstations.

Encryption

AES-256 + Key Control

AES-256 encryption at rest, TLS 1.2+ in transit. Customer data isolated per project, without co-mingling across engagements. Audio, text, and metadata stay inside authorized environments.

Data Governance

Continuous Monitoring

Real-time monitoring against GDPR and ISO 27001 controls. In-region storage, role-based access, and full audit logs — regulated data ready, end to end.

PPH In-house tooling

pZero

Controls are enforced in pZero, our proprietary annotation and evaluation platform. pZero provides role-based access, project-level data isolation, and audit logging across all engagements.

Document Library

Compliance &
Assurance Documents

Certifications

ISO 27001 Certificate

Download Document

Full Reports

SOC 2 Type II Report

ISO 27001 Report

Trust & Compliance

Protect Data.
Reduce Risk.
Deliver with Confidence.

ISO 27001:2022

Productive Playhouse meets the internationally recognized gold standard for information security, including 93 security controls across 14 domains.

SOC 2 Type II

Annual third-party audits ensure continuous compliance with all five trust criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Vendor Risk & Due Diligence

FAQs

What we evaluate, how we scale, and how we handle your data.

All

What We Evaluate

How We Scale

How We Handle Your Data

All

What kinds of problems do you actually solve?

The ones that quietly kill model performance: LLMs that sound right but are wrong, search that misses intent, outputs that break outside English, edge cases nothing else catches.

What exactly do you evaluate?

LLM responses for accuracy and reasoning. Search for relevance and ranking. Personalization for fit. News and UGC for credibility. Media for quality. Golden datasets to validate the rest.

How do you handle multilingual complexity?

Native-level raters who understand context, culture, and intent — not just translation. The difference between a model that works globally and one that quietly fails outside English.

How do you scale without breaking quality?

Work is structured as measurable tasks, assigned to trained raters, tracked to time per task. Predictable throughput, fast capacity flex, consistent quality. No chaos, no black box.

What happens as volume and complexity increase?

More volume and harder tasks mean more human effort. What matters is how it’s managed. We align task design, effort, and workforce so you scale without degrading quality or timelines

Can our data be used to train your models or third-party models?

No. Customer data is used only to deliver the contracted service. We do not train internal or third-party models on your data without explicit written authorization.

Which certifications and frameworks do you maintain?

SOC 2 Type II and ISO 27001, with continuous monitoring against GDPR, CCPA, and HIPAA controls. Reports available under NDA via the document library.

Do you isolate customer data across engagements?

Yes. Each engagement runs in a dedicated environment with no co-mingling of customer data, models, or annotations across projects or clients.

What controls exist on annotation workstations?

Role-based access, MFA, restricted internet and email, blocked ports, and disabled local printing. Annotation happens inside our proprietary tooling, not in shared environments.