Security Policy

We protect your data.

All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

 

GDPR Compliance

We are committed to protecting your data and the data you hold about your customers, so that you remain compliant with the GDPR.

 

Your data is sent using HTTPS.

Whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS. Any files which you upload to us are stored and encrypted at rest. Client data and messages aren't encrypted at rest — they are active in our database. The database filesystem is encrypted. Our backups of your data are encrypted.

 

Data Retention

Our data backups are only retained for 7 days. Once you stop using Pixie and your workspace is deleted, data will be irrecoverable after 7 days. Your payment details are stored by PCI compliant service providers.

 

Sophisticated physical security.

We use Amazon Web Services to host our servers in the UK. The supplier protects their data centres with state-of-the-art physical security measures. Only authorised personnel have access to the data centre. 24/7/365 onsite staff provides extra protection against unauthorised entry and security breaches.

 

AWS complies with leading security policies and frameworks, including SSAE 16, SOC framework, ISO 27001 and PCI DSS. For more information on AWS Data Center Physical Security, see the AWS Security Whitepaper: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

 

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls.

 

We protect your billing information.

Card details are never stored in Pixie. Your card details are transmitted directly to our payment providers over SSL connections and are neither logged nor stored in our systems.

Payments are processed by Stripe and Chargebee. Both are PCI-DSS Level 1 compliant service providers.

 

Need to report an incident?

If you have discovered a security flaw that affects Pixie, please visit our vulnerability disclosure programme page for details on how to securely submit a report.