← Back to Home

Trust & Security

Last Updated: June 3, 2026

POG ERP is built and operated by a small US-based team. We take security seriously because your business depends on it. This page summarizes how we protect your data, who we share it with, and how to reach us with questions.

Where your data lives

Customer data is hosted in Oracle Cloud Infrastructure, US-East region (Ashburn, Virginia). Data does not leave the United States in normal operation. Static assets and DNS are served through Cloudflare's global edge network.

Encryption

Authentication & access

Sub-processors

POG ERP uses the following sub-processors to provide the Service. We notify customers of material changes to this list.

Sub-ProcessorPurposeLocation
Oracle CloudInfrastructure hosting, database, storageUnited States
CloudflareCDN, DNS, edge securityGlobal
StripePayment processing and billingUnited States
WisetackCustomer financing offersUnited States
TwilioSMS messaging (A2P 10DLC)United States
TelnyxVoice and SMS infrastructureUnited States
VonageVoice messaging fallbackUnited States
DeepgramVoicemail transcriptionUnited States
Google (Gemini)AI follow-up generationUnited States
GroqAI inference fallbackUnited States
SentryError monitoring and alertingUnited States
OpenStreetMap (Nominatim)Address geocodingGlobal
GitHubSource control and deploy pipelineUnited States

Tenant data isolation

Backups & disaster recovery

Monitoring & reliability

Outbound messaging safety

Compliance

Application security

Security policies

We maintain formal internal security policies covering access control, incident response, change management, vendor management, data retention, backup and disaster recovery, and security awareness. These policies are reviewed on a quarterly or semi-annual cadence and align with industry-standard control frameworks. We are working toward SOC 2 readiness.

Incident response

We follow a documented incident playbook. Confirmed security incidents affecting customer data are reported to affected customers without undue delay and within 72 hours of confirmation, in line with our Data Processing Agreement.

Reporting a vulnerability

If you believe you've found a security issue, please email management@potomacops.com with details. We'll acknowledge receipt within 2 business days. Please do not publicly disclose until we've had a chance to investigate and remediate.

Contact
Potomac Operations Group LLC
Email: management@potomacops.com
Website: www.potomacops.com