Security Policy

Learn which security measures we are taking to protect your account.

Updated over a week ago

Compliance is the baseline. We're committed to protecting the creative work that our customers trust us to store. We aim beyond regulatory requirements and work hard to keep your ideas, data, and projects confidential and secure.

Cloud & Data Center Security

Picflow is hosted on Amazon Web Services (AWS), which means that we’ve built on a foundation of security from the start. Our hosting environment is fully redundant, with disaster recovery procedures in place. All user data is transported securely, as all traffic is encrypted in transit via SSL. Our cloud hosting providers maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI certification, and SOC. We’ve bolstered our cloud security by implementing all AWS best practices, such as multi-factor authentication (MFA), robust password protection, password and access key rotation, and vulnerability and patch management.

  • Platform hosted on AWS

  • 256-bit SSL/TLS 1.2 encryption

  • Virtual Private Cloud

  • Data Center in Ireland (EU) and N. Virginia (US)

  • Server-Side Encryption

  • Managed DDoS protection (AWS Shield)

  • Well-Architected Framework (WAFR)

  • AWS Activate Partner program

  • AWS Identity and Access Management (IAM)

Provider: AWS


Payments & Credit Cards

Picflow does not store any credit card information. Picflow uses Stripe as its payment platform infrastructure and for credit card processing, which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards. This is the most stringent level of certification available to the payments industry.

  • AES-256 Encryption

  • PCI DSS Level 1 certification

  • Money Transmitter Licenses across the US

  • E-Money Licenses in the EU and the UK

  • SSAE18/SOC 1 Type 1 and Type 2

  • SSAE18/SOC 2 Type 1 and Type 2

  • PSD2 and Strong Customer Authentication (SCA) compliant

Provider: Stripe


Login & Authentication

Picflow does not store any login information. We have partnered with Auth0, one of the leading authentication platforms in the industry.

  • GDPR Compliant

  • ISO27001

  • SSAE18/SOC 2 Type 2

  • ISO27018

  • HIPAA BAA

  • Gold CSA STAR

  • PCI DSS Compliance

Provider: Auth0 by Okta


EU Infrastructure & GDPR Commitment

The Picflow platform infrastructure is hosted on servers based in the European Union. This allows us to meet specific regulatory and compliance requirements of organizations in Europe, including financial institutions, consultancies, and government entities. Our data center provider AWS maintains multiple certifications, including SOC 1, SOC 2, SOC 3, and ISO27001. In addition, all data is encrypted both in transit and at rest using strong encryption.

We are committed to complying with the General Data Protection Regulation and meeting our legal obligation by helping our customers become compliant.


Extended Enterprise Security

The Picflow Enterprise plan offers another layer of enhanced security features to match the needs of our enterprise customers:

  • Single Sign-on (SAML, LDAP, ADFS, Azure AD, Google, Okta)

  • Enforced Two-Factor Authentication (2FA) for members and externals

  • Additional Access Level Rights Management

  • Security API for reporting and monitoring account activity

  • Optional IP-Range Restriction Add-On


Something we haven't covered? Get in touch!
