Security policy

Your data is sent using HTTPS.

All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Your data is sent using HTTPS.

Whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS. Any files which you upload to us are stored and are encrypted at rest. Client data and messages aren't encrypted at rest — they are active in our database. Our backups of your data are encrypted.

Data Retention

Our data backups are only retained for 7 days. Once you stop using Pixie and your workspace is deleted, data will be irrecoverable after 7 days. Your payment details are stored by PCI compliant service providers.

Sophisticated physical security.

We use Amazon Web Services to host our servers in the UK. The supplier protects their data centres with state-of-the-art physical security measures. Only authorised personnel have access to the data centre. 24/7/365 onsite staff provides extra protection against unauthorised entry and security breaches.

AWS complies with leading security policies and frameworks, including SSAE 16, SOC framework, ISO 27001 and PCI DSS. For more information on AWS Data Center Physical Security, see the AWS Security Whitepaper: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls.

We protect your billing information.

Card details are never stored in Pixie. Your card details are transmitted directly to our payment providers over SSL connections and are not logged nor stored in our systems.

Payments are processed by Stripe and Chargebee. Both are PCI-DSS Level 1 compliant service providers.

Need to report an incident?

If you have discovered a security flaw that affects Pixie, please visit our vulnerability disclosure programme page for details on how to securely submit a report.