Controls
Access Management
What level of employee authentication is required to access sensitive information?
For systems that contain sensitive or personal data, the company utilises protocols such as Single Sign-On (SSO) and Two-Factor Authentication (2FA).
Is access to tools and data restricted on a need-to-know basis?
Access to any high-impact or live environment, or to anywhere that holds PII, is granted on a least-privilege basis. A very limited number of employees have such access.
Do you ensure employees use a password manager?
As part of our internal password policy, the company requires all employees to use an approved password manager. Where necessary, the password manager alerts users to any potential password risks so that a high level of security is maintained throughout.
Is there a secure password policy in-place?
The company has an internal password policy and all passwords used are strong, kept in a secure location, regularly changed and not re-used.
Availability & Security Incidents
Is there database redundancy over multiple availability zones?
The company maintains data redundancy over at least two availability zones, with database backups offering point-in-time recovery if needed. Additional encrypted off-site backups are updated regularly.
Are there procedures and policies in place for responding and communicating security incidents?
The company's Security Team has established procedures and policies for responding to and communicating about security incidents. The severity of a security incident dictates how we respond and how we communicate with our customers. If a security incident does occur, you will be kept updated via our support team.
Do you have a dedicated security response team?
The company monitors its cloud service 24/7 and has a response team on call 24/7 to respond to security incidents. Our hosting provider also provides 24/7 global monitoring and support for the data centers that are used.
Do you have any uptime SLAs?
Uptime SLAs are either part of the plan customers have purchased or part of a separate agreement.
Data & Privacy
Are backups conducted for production and customer data?
Periodic backups are performed for production and customer data. The data is backed up to a separate location.
Do you have a viewable cookie policy?
Yes, a cookie policy is publicly available to view. It outlines the ways in which the company uses cookies for collection, tracking and marketing.
What data and information is collected?
Collection of data and information is in accordance with applicable laws and regulations.
Do you perform Data Protection Impact Assessments on tools and transfers?
A Data Protection Impact Assessment (DPIA) is performed for any new tool, transfer, or change in circumstances, regulations or location, to ensure it is compliant with laws, regulations and the company's policies.
How often do employees undergo privacy and security training?
All employees and contractors undergo security awareness training within the first week of employment as part of onboarding, and then continued at least annually.
Disaster Recovery
Does the company have a Business Continuity Plan in place?
A Business Continuity (BC) plan is in place and outlines the processes to follow for the company to continue to provide the service to customers.
Does the company have Cybersecurity Insurance?
The company maintains up-to-date cybersecurity insurance to help mitigate any potential financial impact from disruptions to the business.
Do you have a disaster recovery plan in place?
A Disaster Recovery (DR) plan is in place and outlines the processes to follow, in the event of unplanned incidents, to restore data and infrastructure.
HR Security
Are background checks performed on new employees?
The company performs background checks on all new employees as part of the pre-employment screening process.
Do employees and contractors sign confidentiality agreements?
All new hires are screened during the hiring process and, on commencement of employment, are required to sign a Non-Disclosure and Confidentiality agreement. This agreement remains in force after employment ends.
Are there processes in-place for employee onboarding and offboarding?
The company has processes in place for both onboarding new employees, as well as offboarding outgoing employees. They ensure the correct access and training are provisioned.
Do employees undergo security awareness training?
All employees and contractors undergo security awareness training within the first week of employment as part of onboarding, and then continued at least annually.
Are internal policies signed by employees and contractors?
All internal policies are agreed to and signed by employees during their onboarding. These policies are reviewed at least annually.
Network Security
Do you have an architecture diagram?
An architecture diagram is available to request on the Trust Center.
Do you have a dedicated security team?
The company's Security Team provides 24/7 monitoring and response to security incidents.
Do you utilise an intrusion detection system for continuous monitoring?
Intrusion detection systems (IDS) are utilised to monitor for security incidents and access breaches as they occur, so the security team can mitigate and resolve them immediately.
How often do you conduct penetration tests of your cloud infrastructure?
The company conducts third party penetration testing at least annually. Any remediations required are implemented under SLAs.
Organizational Security
Do employees and contractors sign confidentiality agreements?
All new hires are screened during the hiring process and, on commencement of employment, are required to sign a Non-Disclosure and Confidentiality agreement. This agreement remains in force after employment ends.
Do you utilise a mobile device management system to centrally manage mobile devices?
Mobile devices that are used or owned by the company are enrolled in a mobile device management system.
Are workstations continually monitored to ensure they are secure?
A central management system is used to report, track and monitor workstations for malware, security patch status and non-compliance.
Physical Security
Where are the data center servers located?
The data center locations cover the following:
Does the data center have 24/7 on-site security and processes?
The data center facilities used by the company have 24/7 on-site staff, physical access points to server rooms covered by CCTV, biometric security procedures, and round-the-clock surveillance monitoring to maintain protection against unauthorized entry and physical security breaches.
Are the data centers monitored 24/7?
The company's data center conducts 24/7 monitoring of access activities, with electronic intrusion detection systems installed in the data layer. These systems are constantly monitored by the company.
Does the data center have backup power fallback options?
Each data center facility is equipped with an uninterruptible power supply (UPS) and backup generators, in case of power disruption.