pebbleAI
Talk with sales
Platform Solutions Security Pricing
Security & governance

Built to pass the review, not just the demo.

Named controls, per-user permissions, and an audit trail your security team can actually inspect — because "we take security seriously" was never going to clear procurement.

Talk with sales See the platform

How your data flows

Secrets, documents, and identity stay on your side of the line.

1

Your environment

Documents, SharePoint farms, and a credential vault live in your cloud, VPC, or on-prem. On-prem SharePoint Server never touches Microsoft Graph.

2

Pebble, governed

Every request is checked against the user's RBAC and each capability's allow-list. Credentials are injected server-side — never through the model or the browser.

3

The model you chose

Only permitted context reaches the model your organisation enabled. Every call is logged by user, key, and MCP server for later review.

The controls procurement asks about — by name.

Identity — Entra SSO & SCIM

Sign in with Microsoft Entra; SCIM provisioning handles joiners and leavers by group assignment.

RBAC & rollout controls

Availability and deployment are separate decisions — roll a capability to one team without advertising it to the org.

Managed credentials

Provision a secret once and share it; skills pick it up at runtime — secrets flow from the vault to the script, never the model.

Audit — PebbleObserve

Usage, cost, and logs per model, key, MCP server, and endpoint, attributable by user email or full name.

Device layer

Device-bound credentials with single-use refresh tokens and reuse detection — revoke one device from the web Devices page.

Sandbox isolation

LiveApps and code run in a sandboxed iframe with no direct network access; every call is checked against a capability allow-list.

Data residency is set by your deployment

Where your data lives depends on where Pebble is deployed — your cloud, your VPC, or fully on-prem and air-gapped. We'll confirm the exact residency, sub-processors, and controls for your environment in review, rather than printing a blanket claim here.

Request the details

Send us your security questionnaire.

We'd rather answer it early than late. Let's get your team what they need to say yes.

Talk with sales