Security at Pipe
At Pipe, data security is a critical aspect. If you come across any security vulnerability in our platform, please do not hesitate to inform us so we can take prompt action and address the issue together.
Data Security
Encryption in transit
Pipe encrypts the data in transit. From the user that is making a recording all the way to our complimentary storage all data is encrypted in transit. The Pipe Platform will securely push the recording data to your storage using Amazon S3, Dropbox, SFTP and FTPS. The REST API and webhooks support https. More information about encryption in transit is provided in the Recordings Security section.
Encryption at rest
With the exception of our complimentary storage bucket hosted by Scaleway for the EU2 region, the Pipe Platform encrypts the data at rest. Our db, ingestion, and processing servers use LUKS to encrypt data at rest, while the complimentary storage buckets hosted with Amazon S3 for the US1 & US2 regions encrypt data at rest with Amazon S3 managed keys (SSE-S3). For more information check out this section on the topic.
Who has access to my data?
A limited number of our employees have access to customer data to provide customer support or to solve a technical issue. Our team follows a need-to-know basis and the principle of least privilege to keep access and permissions to only data that is required.
Furthermore, you should know that data collected through the Pipe Platform belongs to you, and we do not sell or transmit it to any third party. You can also export or permanently delete the recording data associated with your account.
Application Security
We follow best practices concerning application development and use https://pentest-tools.com to constantly monitor our front-facing properties. 3rd party security reports are duly reviewed.
Infrastructure Security
The Pipe Platform uses Hetzner and DigitalOcean to host the core of our infrastructure. Additional services are contracted from Amazon Web Services and Scaleway. We use 2FA and/or SSO on a need-to-access basis to sign in to the respective dashboards.