Security Policy

Introduction

At Pixie, we take the security of our customers' data very seriously and are committed to protecting it through a combination of technical and organisational measures. This policy outlines the measures we have in place to ensure the security of our customers' data, including data security, encryption at rest and in transmission, and compliance with the General Data Protection Regulation (GDPR) and Amazon Web Services (AWS) security standards.

Data Security

We have implemented robust security measures to protect our customers' data from unauthorised access, alteration, disclosure, or destruction. Our infrastructure is hosted on AWS, which provides a secure and scalable platform for our services.

Encryption at Rest and in Transmission

We use encryption to protect our customers' data both at rest and in transit. All data stored on our servers is encrypted using industry-standard encryption algorithms and the AWS Key Management Service (KMS), and all data transmitted between our customers' devices and our servers is encrypted using Transport Layer Security (TLS).

General Data Protection Regulation (GDPR) Compliance

We are committed to complying with the GDPR and have taken the necessary steps to ensure that we meet its requirements. We have implemented appropriate technical and organisational measures to protect the privacy and security of our customers' personal data, and we have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance efforts.

Incident Response and Reporting

In the event of a security incident, we have established procedures to quickly respond and mitigate any potential impact on our customers' data. Our incident response team is trained to handle security incidents and will take all necessary steps to restore the security of our systems and protect our customers' data.

We will promptly notify affected customers in the event of a security breach that results in the unauthorised access, alteration, or disclosure of their data. We will provide information about the nature of the incident, the type of data involved, and the measures we have taken to address the incident.

Third-Party Service Providers

We may use third-party service providers to support our business operations and provide services to our customers. We require that all third-party service providers comply with our security policies and standards, and we regularly assess their security practices to ensure they meet our security requirements.

Access Controls

We have implemented access controls to restrict access to our customers' data to only those individuals who have a legitimate need for access. We regularly review and monitor access to our systems and data to ensure access privileges are appropriate and that data is only accessed for legitimate business purposes.

Physical Security

We use Amazon Web Services to host our servers in the UK. The supplier protects their data centres with state-of-the-art physical security measures. Only authorised personnel have access to the data centre. 24/7/365 onsite staff provides extra protection against unauthorised entry and security breaches.

AWS complies with leading security policies and frameworks, including SSAE 16, SOC framework, ISO 27001 and PCI DSS. For more information on AWS Data Center Physical Security, see the AWS Security Whitepaper: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

Data Retention and Destruction

We retain our customers' data only for as long as necessary to provide the services they have requested and will securely destroy data when it is no longer needed. We have established procedures for the secure destruction of data to prevent unauthorised access or disclosure.

Billing Information

Card details are never stored in Pixie. Your card details are transmitted directly to our payment providers over SSL connections and are not logged nor stored in our systems.

Payments are processed by Stripe and Chargebee. Both are PCI-DSS Level 1 compliant service providers.

Continuous Improvement

We are committed to continuous improvement and regularly assess and update our security policies and practices to ensure that we are providing the highest level of security for our customers' data. We also engage in regular security audits and assessments to identify potential vulnerabilities and implement appropriate remediation measures.

Conclusion

At Pixie, we are committed to protecting the security and privacy of our customers' data. We have implemented robust security measures, including encryption at rest and in transmission, to ensure the protection of our customers' data and we comply with relevant security standards, including the GDPR and AWS security standards.

If you have any questions about our security policy, please do not hesitate to contact us.

Contact Information

If you have any questions or concerns about our security policy or the security of your data, please contact us at security@usepixie.com. We are dedicated to ensuring the security and privacy of our customers' data, and we are here to assist you with any questions or concerns you may have.

 

Need to report an incident?

If you have discovered a security flaw that affects Pixie, please visit our vulnerability disclosure programme page for details on how to securely submit a report.