Security & Compliance

Security and compliance for Pigy services and digital assets.

Overview

At Pigy, we understand the importance of security, and we take it seriously. Security is foundational to every decision we make: each one begins with the safety and privacy of your data in mind.

User Authentication

Pigy places a paramount focus on user security by implementing robust authentication measures. We enforce a stringent password policy for all users, ensuring that passwords meet high-security standards. Furthermore, we offer Two-Factor Authentication (2FA) through Google Sign-In, and for even greater security, we provide Multi-Factor Authentication (MFA).

Multi-Factor Authentication (MFA) is a security protocol that requires users to authenticate their identity using multiple methods and distinct credential categories. This multi-layered approach significantly enhances security, making it substantially more difficult for unauthorized access to your account.

Moreover, Pigy offers advanced authentication options for premium customers through renowned identity providers, including Azure AD, Okta, and Google Workspace. We support both SAML (Security Assertion Markup Language) and SCIM (System for Cross-domain Identity Management).

SAML (Security Assertion Markup Language): This open standard allows identity providers to transmit authorization credentials to service providers, ensuring seamless and secure user access without the need for passwords. Pigy supports SAML authentication via Azure AD, Okta, and Google Workspace.

SCIM (System for Cross-domain Identity Management): This protocol streamlines the automation of user provisioning and de-provisioning, simplifying the management and synchronization of user identities. Pigy integrates with SCIM through both Azure AD and Okta.

By offering a variety of authentication options through leading identity providers, we are dedicated to ensuring the protection of your data and maintaining the highest levels of trust and security.

Data Protection

Pigy employs a comprehensive approach to data protection by implementing encryption measures at rest and in transit, though it does not employ end-to-end encryption. This strategic choice allows us to strike a balance between security and functionality, ensuring that our users can benefit from features like full-text search without compromising on data safety.

Encryption at Rest

When your data is at rest, which means it is stored on our servers, we fortify it with robust encryption. Specifically, we employ the industry-standard AES-256 encryption algorithm. This encryption standard is widely recognized for its exceptional security capabilities. It ensures that your data is transformed into an unreadable format while stored on our servers, providing an added layer of protection against unauthorized access.

Encryption in Transit

For data as it moves between our servers and your devices, we also utilize encryption protocols. This means that when you interact with Pigy, whether it's accessing your account, sharing data, or performing any other actions, your data is transmitted securely over the internet. This encryption guards against interception and eavesdropping, further enhancing the confidentiality of your information.

End-to-End Encryption Consideration

While end-to-end encryption is a valuable security measure, it can sometimes hinder certain functionalities, such as full-text search. End-to-end encryption typically involves data being encrypted on the sender's end, only to be decrypted by the recipient. In contrast, our approach allows for some data processing on our servers while ensuring robust encryption during storage and transit.

This meticulous approach to data protection reflects our commitment to both security and user experience, allowing you to benefit from a range of features while maintaining the highest standards of data security.

Data Privacy

Data Security and Privacy Assurance

At Pigy, the safeguarding of your data is our paramount concern, and we take extensive measures to ensure its safety and privacy. Our data security model is designed to grant you confidence that your information remains confidential and accessible only to those you explicitly authorize.

Exclusive Access Control

When you entrust your data to Pigy, you maintain full control over who can access it. By default, the projects and workspaces you create are set to private, ensuring that they are entirely off-limits to anyone except you. This means that your data remains secure within your virtual domain until you decide to take further action.

Collaborative Data Sharing

Should you choose to collaborate with others, Pigy offers a seamless and secure means to do so. You have the discretion to extend invitations to collaborators, granting them access to specific projects or workspaces. These individuals can only view or interact with the data and resources you've designated for shared use, preserving the confidentiality of your other data.

Fine-Grained Access Control

Our system is engineered to provide fine-grained control over access permissions. You can precisely specify what level of access each collaborator enjoys, ensuring that they can only perform actions or see information that aligns with their role and responsibilities. This granular control empowers you to tailor access rights to match your unique requirements.

Data Privacy by Design

Pigy's approach to data privacy is rooted in the concept of "privacy by design." We've crafted our platform with a core emphasis on preserving the confidentiality and integrity of your data. This commitment extends from the default private settings for projects and workspaces to our robust authentication mechanisms and data encryption practices.

In summary, Pigy's data security framework is centered on the principles of user empowerment and data protection. We place the reins of control firmly in your hands, ensuring that your data is accessible only to you and those with whom you've chosen to collaborate. Our commitment to data privacy by design means that you can confidently use our platform, knowing that your data is safe, private, and under your command.

Compliance & Certifications

We are actively dedicated to enhancing our security measures and compliance standards to achieve ISO, PCI DSS, and SOC 2 certifications in the near future. Our ongoing commitment to these initiatives underscores our unwavering focus on safeguarding data and providing the highest level of trust and security to our valued customers.

Hardening & Process

Our service operates on Google Cloud, and we adhere to their security best practices. Our servers run on Linux, and administrators utilize sudo for privilege elevation when necessary.

We implement rate limiting at the account, IP, and audit event levels to enhance security.

All pertinent production log entries are stored remotely, and we employ pattern matching and alerts to detect malicious intent, as well as unexpected crashes, exceptions, and other error conditions.

To ensure robust security, we harden system images and automatically deploy new ones with every change via Continuous Integration and Continuous Deployment (CI/CD) pipelines. Security patches are rolled out automatically, and we have established processes for immediate deployment of emergency patches when required.

Our commitment to security includes extensive testing, with thousands of unit tests, system tests, and integration tests in place to validate changes for security, correctness, and performance.

Uptime & Continuity

Ensuring seamless uptime and business continuity is at the core of our operational strategy. To achieve this, we have implemented a robust system of monitoring, comprising thousands of alerts that meticulously track the health of our systems, product functionality, and security against potential abuse, including the detection of attack signatures and audit events.

To provide you with real-time transparency and updates, our server status page operates independently from our production platform. This segregation extends all the way to the domain registrar, ensuring that you receive prompt notifications of any issues that may impact our production environment. Our dedicated status account serves as an additional channel for keeping you informed of important developments, thereby reaffirming our commitment to providing uninterrupted service and continuity.

Billing and Payment

We entrust the handling of payments to Stripe, a PCI-certified payment provider renowned for its robust security standards. When you make payments through our platform, your payment data and sensitive payment-related information are seamlessly transmitted directly to Stripe for processing. It's important to emphasize that at no point is this sensitive data stored within Pigy's infrastructure.

Our data practices regarding payment information are centered on strict security and privacy principles. The utmost care is taken to ensure that your payment details remain safeguarded. The only payment-related data retained by Pigy consists of your customer ID and subscription ID. These minimal details are retained solely for reference and billing purposes, providing a seamless experience while adhering to the highest standards of data protection and privacy. Your financial security is our top priority, and we've entrusted Stripe's expertise to guarantee the safety and integrity of your payment information.

2024 © PIGY.io, The Farm Ltd. All rights reserved.
