
Compliance

SOC 2 Type I

SOC 2 is a framework, developed by the AICPA, for evaluating and validating an organization’s information security practices. It is widely used in North America, particularly in the SaaS industry. The Pipe Platform has undergone a SOC 2 assessment by an independent third-party auditing firm and received its first SOC 2 Type I report. A Type I report attests that the controls are suitably designed at a point in time; operating effectiveness over a period is the scope of a Type II report. To receive the report, get in touch.

GDPR Ready

Whether you are established in the EU or are outside the EU but process the personal data of EU data subjects, our platform will help you meet your GDPR obligations. We have gone through the compliance process several times, covering both the data we process on your behalf as a processor (recordings, metadata, snapshots) and the data we hold as a controller.

You should check out our GDPR overview page for more information on how we can help you comply, and feel free to email us any GDPR-related questions.


Infrastructure Security

Encryption at rest

The Pipe Platform encrypts data at rest. Our database, ingestion, and processing servers use LUKS full-disk encryption, while the complimentary storage buckets hosted on Amazon S3 are encrypted with Amazon S3-managed keys (SSE-S3). The single exception is the complimentary storage bucket hosted by Scaleway for the EU2 region, which is not encrypted at rest because of a limitation on the provider’s side.

System Hardening

We harden our servers using industry best practices. This includes disabling unnecessary services, applying security patches, and configuring firewalls so that only the necessary ports and protocols are reachable, and only from specific IP addresses within our infrastructure.

Continuous Backups

We make daily backups of our database and store them in two different secure locations. This ensures that we can quickly restore the database in the event of a failure or data loss. We regularly test our database recovery procedure.

Monitoring and Logging

We continuously monitor our infrastructure for anomalous activity and log all access to our systems. This helps us detect and respond to potential security incidents in a timely manner.

Email Security with DKIM, SPF, and DMARC

We publish SPF, DKIM, and DMARC records for the domains we send email from. SPF lists the servers authorized to send on our behalf, DKIM signs each outgoing message so that receivers can detect tampering and forged senders, and DMARC tells receiving mail servers what to do with messages that fail those checks and where to report them. Together they let receivers reject mail that spoofs our domains, which protects our users from phishing that impersonates us.
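As an added example (not Pipe’s code, and not a description of Pipe’s actual DNS records), the following Python assesses the two published policies that receivers consult, SPF and DMARC, and flags the settings that leave a domain spoofable: a DMARC policy of p=none, a pct below 100, an SPF record ending in +all or with no all term, and more than the ten DNS lookups SPF permits. DKIM is verified per message, so it is not assessed here. The record strings and domain names are constructed for the example; in practice you would fetch them from DNS (for example with `dig TXT _dmarc.example.com`).

```python
# Assessment of SPF and DMARC TXT records. Added example, not Pipe's code;
# the records and domains used below are constructed.

# SPF mechanisms and modifiers that cost a DNS lookup (RFC 7208 limits these to 10).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def _parse_dmarc_tags(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a lowercase-keyed tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str):
    """Return (enforcing, findings). Enforcing is True only when receivers are
    told to quarantine or reject every message that fails DMARC."""
    findings = []
    tags = _parse_dmarc_tags(record)
    if tags.get("v") != "DMARC1":
        return False, ["not a DMARC record (missing v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s: failures are only reported, never blocked" % (policy or "missing"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if pct < 100:
        findings.append("pct=%d: the policy applies to only that share of failing mail" % pct)
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not being collected")
    enforcing = policy in ("quarantine", "reject") and pct == 100
    return enforcing, findings


def assess_spf(record: str):
    """Return (enforcing, findings). Enforcing is True when unlisted senders
    fail (-all) or soft-fail (~all) and the record stays within 10 lookups."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False, ["not an SPF record (missing v=spf1)"]
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        lowered = term.lower()
        qualifier = lowered[0] if lowered[0] in "+-~?" else "+"  # no prefix means "+"
        mechanism = lowered.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0]
        if mechanism in LOOKUP_MECHANISMS or lowered.startswith("redirect="):
            lookups += 1
        if mechanism == "all":
            all_qualifier = qualifier
    if lookups > 10:
        findings.append("%d DNS lookups: over the limit of 10, receivers return permerror" % lookups)
    if all_qualifier is None:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("+all: any host on the internet may send as this domain")
    elif all_qualifier == "?":
        findings.append("?all: unlisted senders get a neutral result")
    enforcing = all_qualifier in ("-", "~") and lookups <= 10
    return enforcing, findings


if __name__ == "__main__":
    # Constructed records: one enforcing pair and one monitoring-only pair.
    for rec in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com", "v=DMARC1; p=none"):
        print(rec, "->", assess_dmarc(rec))
    for rec in ("v=spf1 include:_spf.example.com ip4:203.0.113.0/24 -all", "v=spf1 +all"):
        print(rec, "->", assess_spf(rec))
```

The useful output is the findings list rather than the boolean: a domain can publish all three records and still be spoofable if DMARC sits at p=none or SPF ends in +all.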


Product Security

Encryption in Transit

Pipe encrypts data in transit over public networks using TLS 1.3 and TLS 1.2 connections in conjunction with industry-standard strong ciphers:

  • Secure Recording Client Delivery: the recording client embedded in your website or app is delivered to your users over HTTPS.
  • Secure Recording: the recording client streams or uploads recordings to our ingestion media servers over secure WSS or HTTPS connections.
  • Secure Push to Storage: recordings are pushed over encrypted connections to our storage (Amazon and Scaleway buckets) and to your storage (Amazon S3 or compatible services, Dropbox, SFTP and FTPS).
  • Secure Playback: playback and download from our complimentary long-term storage buckets are done over HTTPS.

Secure API

All REST API requests to the Pipe Platform are made over HTTPS, ensuring that data is encrypted in transit.

Whitelisted Hosts

Pipe allows you to specify a list of hosts on which the Pipe Recording Client may be embedded. Such a list helps prevent abuse by malicious actors who could otherwise copy your embed code and use it on other websites.

Authenticated Webhooks

Pipe automatically signs all webhooks, allowing you to verify on your end that the webhook request and its data originate from the Pipe Platform and not from a third party.
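Verifying a signed webhook on the receiving side, as an added example that is not Pipe’s code. The page does not describe Pipe’s signing scheme, so the scheme, header names, and payload below are assumptions: an HMAC-SHA256 with a shared secret over the timestamp and the raw request body, sent in two headers. Check Pipe’s webhook documentation for the real header names and algorithm; the two properties that carry over to any scheme are that the MAC is computed over the raw bytes as received and compared in constant time.

```python
import hashlib
import hmac
import time

# Assumed scheme, not taken from Pipe's documentation: the sender puts a Unix
# timestamp in one header and, in another, the hex HMAC-SHA256 computed with a
# shared secret over "<timestamp>.<raw request body>". Header names are made up.
SIGNATURE_HEADER = "X-Webhook-Signature"
TIMESTAMP_HEADER = "X-Webhook-Timestamp"
MAX_SKEW_SECONDS = 300  # reject deliveries outside a five-minute window (replay limit)


def sign_payload(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: MAC over the timestamp and the raw body so neither can be altered."""
    message = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes, now=None) -> bool:
    """Receiver side. Returns True only for a fresh, correctly signed delivery.

    `body` must be the raw bytes as received: re-serialising parsed JSON can
    change whitespace or key order and invalidate the MAC.
    """
    now = int(time.time()) if now is None else now
    # Header names are case-insensitive in HTTP, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        timestamp = int(lowered[TIMESTAMP_HEADER.lower()])
    except (KeyError, ValueError):
        return False
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale (possible replay) or far in the future
    provided = lowered.get(SIGNATURE_HEADER.lower(), "")
    expected = sign_payload(secret, timestamp, body)
    # Constant-time comparison: a plain == leaks how many leading bytes match.
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    # Constructed sample delivery; the secret, event name and id are not real.
    secret = b"shared-webhook-secret"
    body = b'{"event":"recording_processed","id":"abc123"}'
    ts = int(time.time())
    headers = {TIMESTAMP_HEADER: str(ts), SIGNATURE_HEADER: sign_payload(secret, ts, body)}
    print("genuine:", verify_webhook(secret, headers, body))
    print("tampered:", verify_webhook(secret, headers, body.replace(b"abc123", b"evil")))
```

Reject the request before parsing the body when verification fails, and keep the shared secret out of the repository and logs; rotating it means accepting both the old and the new secret for the overlap period.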


Organizational Security

Access Control

We implement strict access control measures to ensure that only authorized personnel have access to sensitive data. This includes role-based access controls, multi-factor authentication, and regular access reviews.

Security Awareness Training

We provide regular security awareness training to our employees and contractors to ensure they are aware of the latest security threats and best practices.

Background Checks

We conduct background checks on all employees and contractors who have access to sensitive data. This helps us ensure that we hire trustworthy individuals who will handle data responsibly.

Endpoint Security

We provide our employees and contractors with managed devices and enforce endpoint security measures through dedicated endpoint security software. Workstations have disk encryption enabled.


Secure Development Practices

We implement a stringent change management process that promotes best practices in our development workflow, including:

  • Code reviews: every change is reviewed by at least one other developer before it is merged
  • Staged deployment: changes are implemented and tested in a development environment and then a staging environment before being deployed to production
  • Branch protection rules that prevent direct commits to the main branch

Vulnerability Scanning

We perform regular vulnerability scans on our infrastructure to identify and resolve potential security issues. This involves scanning our servers and network for known vulnerabilities and misconfigurations. Critical and high-priority vulnerabilities are tracked for remediation.


Bug Bounty

Pipe is committed to maintaining high standards of security and welcomes responsible disclosure of potential vulnerabilities. We operate a vulnerability disclosure program that provides rewards for valid reports, determined by the severity and impact of the issue. To report a security concern, please contact us at security@addpipe.com.


Data Collection

We provide the controls needed to minimize the collection and retention of personally identifiable information (PII).

Do Not Collect PII Data

You have full transparency into the data we touch and complete control over what information is collected from your users with each recording.

Do Not Store Recordings & Data

After we process a recording and securely transfer the files to your chosen storage, all local copies are permanently deleted from our processing servers. For maximum control, you can opt out of our complimentary storage and use your own secure storage service, including Amazon S3, Dropbox, SFTP, or FTPS.

Data Lifecycle

You can define a custom data lifecycle for your recordings, automatically deleting them after a specified period.