
A pentest platform that solves the concerns pentesters keep raising about cloud-based tools

Pental is a pentest platform built for penetration testing firms that need cloud-based tooling without giving up control of their clients' vulnerability data. Here is how it answers the recurring concerns: self-hosting, AI privacy, multi-tenant data isolation, encrypted credential handling, legally valid e-signatures, and your own domain.

Pental Team · 7 min read

Penetration testing firms manage some of the most sensitive data in the security industry, including client engagement details, unfixed vulnerabilities, exploit evidence, and authorisation credentials supplied by their clients. Trusting a cloud-based pentest platform with that data is a fair concern, and most platforms either ignore the issue or hide it under marketing language. Pental is a pentest platform built around the assumption that pentesters will not, and should not, trust a third-party SaaS by default. This article walks through the recurring concerns about cloud-based pentest reporting and management tools, and how Pental answers each one in plain language.

Can pentest data really live on a third-party SaaS?

The single most common reason firms reject a cloud-based pentest platform is that engagement data should not leave their control. Pental answers this on the Enterprise plan with Bring Your Own Database:

  • You provision your own database, in your own cloud account, in your chosen country, billed to you. Pental never holds the administrative keys.
  • The Pental application connects to your database only through authenticated end-user sessions. There is no privileged backdoor we can use to read your data without you logging in.
  • Your client portal runs on a custom domain such as portal.yourfirm.com, with managed TLS. Clients never see Pental branding or DNS.

What this means in practice: even if Pental's own infrastructure were fully compromised tomorrow, an attacker would not be able to read your engagement data. Reading any tenant's data requires an authenticated session against the customer's own database, with credentials Pental does not hold. This isn't fully air-gapped on-prem (the application code itself runs on shared infrastructure), but the data plane is genuinely yours.

What about AI? Does Pental train on my findings?

AI assistance has become a default feature in most pentest reporting tools, often without a way to disable it. Pental takes the opposite position: AI is off by default. New tenants have zero AI calls happening anywhere in the platform. The product works fully without any AI assistance.

If you choose to enable AI, it's bring-your-own-token. You configure your own API key with the provider you trust. Pental never proxies through a Pental-owned account, and Pental does not store the prompt or the response. The data goes from your tenant directly to the provider you chose, billed to your account, under your provider's terms.

Provider data retention varies, and the right choice depends on your firm's sensitivity:

  • Groq: zero retention on the standard API tier.
  • OpenAI: 30 days on standard API for abuse monitoring; Zero Data Retention available in enterprise contracts.
  • Anthropic: 30 days on standard API; ZDR available in enterprise.
  • Ollama (local model): nothing leaves your network.

For firms whose answer is "no AI under any circumstances", leave it off. Pental does not silently call any model.

How does multi-tenant isolation work for the managed plan?

Starter and Professional plans share a managed database. The isolation between customers is enforced at the database layer, not stitched on at the application layer:

  • Every database query is scoped to the active customer's tenant. There is no path through the platform that returns data without that scope check.
  • The active tenant is resolved from the request and validated against the user's membership. A user with accounts in three customer firms cannot read data from one tenant while authenticated in another.
  • A missed tenant scope check is treated as a critical bug, not a feature gap.
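The scoping rule above, as an added example that is not Pental's code: a request names a tenant, that tenant is accepted only if a membership row exists for the caller, and every data query then carries the resolved tenant id in its WHERE clause, so an object id belonging to another firm returns nothing rather than leaking. The SQLite schema, the users and the findings are constructed sample data; the function and table names are this example's own assumptions.

```python
"""Tenant-scoped data access with membership validation (illustration only)."""
import sqlite3
from dataclasses import dataclass
from typing import List, Optional


class TenantMismatch(Exception):
    """Raised when a request names a tenant the caller does not belong to."""


@dataclass(frozen=True)
class RequestContext:
    user_id: str            # identity from the authenticated session
    requested_tenant: str   # tenant id from the URL or header: untrusted input


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data: two firms and one user who belongs to both."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE memberships (user_id TEXT, tenant_id TEXT);
        CREATE TABLE findings (id INTEGER PRIMARY KEY, tenant_id TEXT, title TEXT);
        INSERT INTO memberships VALUES ('alice', 'firm-a'), ('alice', 'firm-b'),
                                       ('bob', 'firm-b');
        INSERT INTO findings (tenant_id, title) VALUES
            ('firm-a', 'SQLi in /search'),
            ('firm-a', 'Weak TLS config'),
            ('firm-b', 'IDOR on invoice download');
    """)
    return db


def resolve_tenant(db: sqlite3.Connection, ctx: RequestContext) -> str:
    """Return the active tenant only if the caller is a member of it.

    The requested tenant id is never trusted on its own; a user who holds
    accounts in several firms still cannot switch scope without a membership.
    """
    row = db.execute(
        "SELECT 1 FROM memberships WHERE user_id = ? AND tenant_id = ?",
        (ctx.user_id, ctx.requested_tenant),
    ).fetchone()
    if row is None:
        raise TenantMismatch(f"{ctx.user_id} is not a member of {ctx.requested_tenant}")
    return ctx.requested_tenant


def list_findings(db: sqlite3.Connection, ctx: RequestContext) -> List[str]:
    """Every read goes through resolve_tenant; there is no unscoped query path."""
    tenant = resolve_tenant(db, ctx)
    rows = db.execute(
        "SELECT title FROM findings WHERE tenant_id = ? ORDER BY id", (tenant,)
    ).fetchall()
    return [r[0] for r in rows]


def get_finding(db: sqlite3.Connection, ctx: RequestContext, finding_id: int) -> Optional[str]:
    """Fetch by id AND tenant: an id from another firm returns None, not their data."""
    tenant = resolve_tenant(db, ctx)
    row = db.execute(
        "SELECT title FROM findings WHERE id = ? AND tenant_id = ?", (finding_id, tenant)
    ).fetchone()
    return None if row is None else row[0]


if __name__ == "__main__":
    db = build_sample_db()
    print(list_findings(db, RequestContext("alice", "firm-a")))
    print(get_finding(db, RequestContext("bob", "firm-b"), 1))   # firm-a's finding: None
```

The point of `get_finding` is that the tenant filter is part of the primary lookup, so a bug that leaves it out is a missing scope check (the "critical bug" case in the list above), not a cosmetic omission.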

If multi-tenant managed isn't acceptable for your firm, the Enterprise plan with Bring Your Own Database removes the question entirely: your data lives in your own database, alongside no one else's.

How does Pental protect client-supplied credentials?

The credentials your clients submit through the portal (passwords, API keys, MFA seeds, login URLs) are the most sensitive data on any pentest platform. Pental treats them accordingly:

  • Submitted credentials are encrypted server-side, with a key unique to your firm. A leaked blob from one customer cannot be unlocked with any other customer's key.
  • Only the assigned tester for that engagement can decrypt them. Permission is enforced server-side, not in the browser.
  • The moment the tester clicks Acknowledge, the encrypted blob is permanently deleted from the database. Only redacted metadata (the credential type, label, who submitted it, when) is kept for audit.
  • The expectation is that testers move credentials into their own secret store on receipt. Credentials are not designed to sit on a SaaS database for the lifetime of an engagement.
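The credential lifecycle described above, as an added illustration that is not Pental's implementation: a key per firm, decryption permitted only for the tester assigned to the engagement, the ciphertext wiped the moment it is acknowledged, and only redacted metadata left for audit. To stay stdlib-only, the cipher is an HMAC-SHA256 keystream with encrypt-then-MAC standing in for a real AEAD such as AES-GCM, and the in-memory key dictionary stands in for a KMS; both substitutions, along with all tenant, engagement and user names, are this example's assumptions.

```python
"""Per-firm encrypted credentials with delete-on-acknowledge (illustration only)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional


def _subkey(tenant_key: bytes, purpose: bytes) -> bytes:
    # Domain-separated subkeys: the firm's key is never used directly for both
    # keystream generation and authentication.
    return hmac.new(tenant_key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_blob(tenant_key: bytes, plaintext: bytes) -> bytes:
    """Stand-in AEAD: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(tenant_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(tenant_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_blob(tenant_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(tenant_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # another firm's key, or tampering
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(tenant_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


@dataclass
class CredentialRecord:
    tenant_id: str
    engagement_id: str
    label: str
    cred_type: str
    submitted_by: str
    submitted_at: str
    ciphertext: Optional[bytes]            # None once acknowledged
    acknowledged_by: Optional[str] = None
    acknowledged_at: Optional[str] = None


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


class CredentialVault:
    def __init__(self) -> None:
        self._tenant_keys: Dict[str, bytes] = {}    # stand-in for a KMS
        self._assigned: Dict[str, str] = {}         # engagement_id -> assigned tester
        self._records: Dict[str, CredentialRecord] = {}

    def tenant_key(self, tenant_id: str) -> bytes:
        """One key per firm, created on first use."""
        return self._tenant_keys.setdefault(tenant_id, secrets.token_bytes(32))

    def assign_tester(self, engagement_id: str, tester: str) -> None:
        self._assigned[engagement_id] = tester

    def submit(self, tenant_id: str, engagement_id: str, label: str, cred_type: str,
               submitted_by: str, secret: str) -> str:
        """Client portal path: encrypt server-side under the firm's key, store blob."""
        record_id = secrets.token_hex(8)
        self._records[record_id] = CredentialRecord(
            tenant_id, engagement_id, label, cred_type, submitted_by, _now(),
            encrypt_blob(self.tenant_key(tenant_id), secret.encode()))
        return record_id

    def acknowledge(self, record_id: str, tester: str) -> str:
        """Decrypt for the assigned tester only, then wipe the blob permanently."""
        rec = self._records[record_id]
        if self._assigned.get(rec.engagement_id) != tester:   # enforced server-side
            raise PermissionError("only the assigned tester may decrypt")
        if rec.ciphertext is None:
            raise ValueError("credential already acknowledged and deleted")
        plaintext = decrypt_blob(self.tenant_key(rec.tenant_id), rec.ciphertext).decode()
        rec.ciphertext = None                                   # delete-on-acknowledge
        rec.acknowledged_by, rec.acknowledged_at = tester, _now()
        return plaintext

    def stored_ciphertext(self, record_id: str) -> Optional[bytes]:
        return self._records[record_id].ciphertext

    def audit(self, record_id: str) -> dict:
        """Redacted metadata only: never the secret, never the blob."""
        rec = self._records[record_id]
        return {"label": rec.label, "type": rec.cred_type, "submitted_by": rec.submitted_by,
                "submitted_at": rec.submitted_at, "acknowledged_by": rec.acknowledged_by,
                "acknowledged_at": rec.acknowledged_at,
                "blob_present": rec.ciphertext is not None}
```

The returned plaintext is handed to the tester exactly once; after that the record can only answer audit questions, which is what pushes the secret into the tester's own secret store rather than leaving it on the platform.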

Are e-signatures on proposals legally valid?

Yes. Pental's proposal signing meets the legal requirements for valid electronic signatures under UK, EU, US, Canadian, Australian, and most other major jurisdictions' frameworks. Every signed proposal records who signed, what they signed, when, from where, and a tamper-proof fingerprint of the document. Pental signs every signature event cryptographically, and the signature can be verified inside your own database without trusting Pental at verification time. If a contract is ever disputed, you have a hard, verifiable audit trail.

How is authentication handled across testers, sales, and clients?

Every user logs in without a password. They enter their email, receive a six-digit code, and are in. Pental supports authenticator apps (TOTP) and passkeys for the second factor, plus single sign-on via Google and Microsoft for your staff. Tenant admins can require MFA for all staff or for all users (including client portal users). Password reuse, credential phishing, and brute force simply aren't attack surfaces on Pental.

On Professional and Enterprise plans, every email Pental sends (login codes, proposals, invoices, notifications) goes through your own SMTP. Your clients see your domain, your DKIM, your branding. Pental's outbound infrastructure is never in the chain. Starter uses Pental's outbound SMTP for transactional email.

Can I use my own report templates and branding?

Yes, on every plan. There are two paths and you choose per document. The first uses Pental's built-in reporting tool with per-tenant customisations: cover page, severity colours, sections, signature box position, file naming. The platform fills the engagement data into your configured layout and generates a polished PDF instantly. The second is fully custom: you upload your own Word template, render the final PDF in your own toolchain, and upload that finished PDF for the client. Clients only ever see the finished PDF, never the source template. The same two paths work for proposals, invoices, and letters of attestation.

Beyond reports, you set your logo, brand colours, login page styling, and email templates. Your clients see your firm. Pental is invisible in the experience. On Professional and Enterprise, you also use your own domain, so even technically curious clients won't find any reference to Pental in DNS or email headers.

What happens if I leave Pental?

On Starter and Professional, your data is retained read-only for 30 days after termination so you can export it, then permanently deleted within 90 days. On Enterprise with Bring Your Own Database, your data never leaves you. It has always been in your own database. Cancelling Pental simply removes our application's access to it. You can take a full backup at any time, and you can give your security or compliance team direct database access whenever you want.

About Pental

Pental is a pentest platform built for penetration testing firms and security consultancies. The product covers the full lifecycle of an engagement: scoping, proposals with legally valid e-signatures, scheduling, finding tracking, QA workflows, branded reporting from your own templates, client portals, retest coordination, invoicing, and payments. It's built by working pentesters and prioritises the operational realities of running a consultancy: contractor management, multi-year contracts and retainers, client-supplied credential handling, and report fidelity that survives passing through a regulated client's legal review.

Pentest trade. If you're a pentester or a firm interested in trading a pentest of the Pental platform for platform credits, get in touch at hello@pental.io.

Questions or concerns

Have a question about how Pental handles your data, or a concern about something not covered here? Email hello@pental.io. For more on the product, visit the Pental homepage or browse the blog for more posts.
