Data Security & Privacy
We are ISO27001:2022 certified. This prestigious standard offers comprehensive guidance for companies of all sizes and across all industries to establish, implement, maintain, and continually improve an information security management system.
The certification signifies that we have developed a robust system to manage risks associated with the security of data we own or handle. It also demonstrates our commitment to adhering to the best practices and principles outlined in this International Standard.
We are committed to keeping your data secure
In today's fast-paced digital world, safeguarding confidential data has become an essential consideration for companies.
The protection of sensitive data from unauthorized access, theft, or damage is crucial to avoid consequences such as loss of customer trust, brand damage, regulatory non-compliance, and financial repercussions.
Ensuring data security and privacy is not only essential but also a critical component of modern business operations, including our own.
Secure Infrastructure Provider
PI.EXCHANGE’s production environment runs on Google Cloud Platform (GCP). GCP upholds the highest security standards. All data is hosted in a secure GCP facility that is SOC 2, ISO 27001, ISO 27017, ISO 27701, and CSA compliant.
Data Encryption in Transit and at Rest
Data is encrypted in transit (TLS) and at rest, with encryption at rest provided by Google Cloud Storage Server-Side Encryption. When data is processed, it is accessed over a secure connection using TLS v3 encryption.
Data and Trained Model Access
In the PI.EXCHANGE hosted AI & Analytics Engine, no data provided by the user is copied or transmitted for any purpose other than preparing data, training models, generating predictions based on a trained model, or as otherwise required to support the user or via an Advanced AI Services engagement.
Trained models, input data, and predictive outputs are only accessible to the customer, with a small amount of metadata used for product enhancements. No data about the model is shared or used outside of this purpose.
Authentication
All access to the platform is authenticated. To authenticate, users use a signed and encrypted access token, which is obtained after entering a password of 8 or more characters that contains at least one number, lowercase letter, uppercase letter, and special character, and then verifying their email.
Access Control
The AI & Analytics Engine uses a Role-Based Access Control (RBAC) model for managing data and related assets within the product at two levels: organization and project. A user’s data, projects, and models are segregated from other accounts and users as defined by the RBAC system.
Server Security and Monitoring
The AI & Analytics Engine is deployed in a secure and access-controlled multi-tenant environment only accessible via secured portals and APIs. This includes the API for the SDK and prediction API of the deployed models. We apply a Zero Trust Security model in our approach to the design and implementation of systems.
Deployment On-premise or Private Cloud for Enterprise
We do not store or transfer data outside of the client's chosen environment. For an on-premise deployment, data is encrypted in transit and at rest, with encryption at rest provided by MinIO Server-Side Encryption. For a private cloud deployment, we utilize the client's S3-compatible services.
Logs and Monitoring
PI.EXCHANGE understands that data is an organization's most strategic and vital asset. As such, the security and privacy of data are our highest priorities. Changes to PI.EXCHANGE’s infrastructure are tracked and, where there is a security impact, reported to clients.
Within the AI & Analytics Engine, all actions performed are accessible via logs. This means there is traceability of any user activity. These logs are only exposed to users with appropriate permissions so internal audits can be performed.
System Availability and Resilience
The AI & Analytics Engine system is architected and configured to meet High Availability, Fault Tolerance, and Disaster Recovery requirements. PI.EXCHANGE employs Google Cloud Load Balancing to distribute incoming application traffic across multiple targets, increasing the availability of the application and safeguarding the Engine from various forms of DDoS attacks.
Internal Policies and Best Practices
PI.EXCHANGE ensures security, privacy, integrity, and compliance via a Zero Trust and Zero Tolerance model. We follow a well-defined suite of Information Security Policies & Standards that guide the design, development, and operations of the product and services.
The AI & Analytics Engine is built with a security-by-design approach adhering to OWASP S-SDLC best practices. We employ state-of-the-art protection measures including, but not limited to, privileged account management, centrally managed endpoint protection, intrusion prevention systems, and firewalls at different layers and segments of our infrastructure.
Collection and Use of Information
We may collect some personal information to better provide support and services to our users through the website and the AI & Analytics Engine. We maintain up-to-date policies including user notices, website terms of use, privacy policy, and the AI & Analytics Engine EULA.
Solve your biggest problems with peace of mind
We follow a strict Zero Trust & Zero Tolerance model.
The Engine is configured for High Availability, Fault Tolerance, and Disaster Recovery requirements.
The Engine runs on Amazon Web Services (AWS). AWS upholds the highest security standards.
Data is encrypted in transit and at rest, with encryption at rest provided by AWS S3 Server-Side Encryption (S3-SSE).
The Engine can be deployed flexibly to meet your security requirements.