Compliance is the baseline. We're committed to protecting the creative work that our customers trust us to store. We aim beyond regulatory requirements and work hard to keep your ideas, data, and projects confidential and secure.
Cloud & Data Center Security
Picflow is hosted on Amazon Web Services (AWS), which means that we’ve built on a foundation of security from the start. Our hosting environment is fully redundant with disaster recovery procedures. All user data is transported securely, as all traffic is encrypted in transit via SSL. Our cloud hosting providers maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI certification, and SOC. We’ve bolstered our cloud security by implementing all AWS best practices, such as multi-factor authentication (MFA), robust password protection, password and access key rotation, and vulnerability and patch management.
Platform hosted on AWS
256-bit SSL/TLS 1.2 encryption
Virtual Private Cloud
Data Center in Ireland (EU) and N. Virginia (US)
Server-Side Encryption
Managed DDoS protection (AWS Shield)
Well-Architected Framework (WAFR)
AWS Activate Partner program
AWS Identity and Access Management (IAM)
Provider: AWS
Payments & Credit Cards
Picflow does not store any credit card information. Picflow uses Stripe as the payment platform infrastructure and for credit card processing, which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards. This is the most stringent level of certification available to the payments industry.
AES-256 Encryption
PCI DSS Level 1 certification
Money Transmitter Licenses across the US
E-Money Licenses in the EU and the UK
SSAE18/SOC 1 Type 1 and Type 2
SSAE18/SOC 2 Type 1 and Type 2
PSD2 and Strong Customer Authentication (SCA) compliant
Provider: Stripe
Login & Authentication
Picflow does not store any login information. We have partnered with Auth0, one of the leading authentication platforms in the industry.
GDPR Compliant
ISO27001
SSAE18/SOC 2 Type 2
ISO27018
HIPAA BAA
Gold CSA STAR
PCI DSS Compliance
Provider: Auth0 by Okta
EU Infrastructure & GDPR Commitment
The Picflow platform infrastructure is hosted on servers based in the European Union. This allows us to meet specific regulatory and compliance requirements of organizations in Europe, including financial institutions, consultancies, and government entities. Our data center provider AWS maintains multiple certifications, including SOC 1, SOC 2, SOC 3, and ISO27001. In addition, all data is encrypted both in transit and at rest using strong encryption.
We are committed to complying with the General Data Protection Regulation and meeting our legal obligation by helping our customers become compliant.
Extended Enterprise Security
The Picflow Enterprise plan offers another layer of enhanced security features to match the needs of our enterprise customers:
Single Sign-on (SAML, LDAP, ADFS, Azure AD, Google, Okta)
Enforced Two-Factor Authentication (2FA) for members and externals
Additional Access Level Rights Management
Security API for reporting and monitoring account activity
Optional IP-Range Restriction Add-On
Something we haven't covered? Get in touch!