Compliance is the baseline. We're committed to protecting the creative work that our customers trust us to store. We aim beyond regulatory requirements and work hard to keep your ideas, data and projects confidential and secure.
Security Summary
Hosted in the EU
GDPR Compliant
SAML-based SSO
IP Restriction and account locking
Multi-layer encryption
Full range of user permissions
Communication
All user data is transported securely, as all traffic is encrypted in transit via SSL. Encrypting data in transit protects it from unauthorised snooping, modification, and man-in-the-middle attacks. We use 256-bit SSL/TLS 1.2 encryption, utilising both the ECDSA and RSA algorithms.
Cloud & Data Centre Security
Our hosting environment is fully redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI certification, and SOC. Picflow is hosted on Amazon Web Services (AWS), which means that we’ve built on a foundation of security from the start. We’ve bolstered our cloud security by implementing all AWS best practices, such as multi-factor authentication (MFA), robust password protection, password and access key rotation, and vulnerability and patch management.
EU Hosted Infrastructure
The Picflow Platform infrastructure is hosted on servers based in the European Union. This allows us to meet specific regulatory and compliance requirements of organisations in Europe, including financial institutions, consultancies and government entities. Our data center provider, AWS, maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO 27001. In addition, all data is encrypted both in transit and at rest using strong encryption.
GDPR Commitment
We are committed to complying with the General Data Protection Regulation and to meeting our legal obligation by helping our customers become compliant.
Payments & Credit Cards
Picflow does not store any credit card information. We have partnered with Stripe for credit card processing, which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available to the payments industry.
Something we haven't covered? Get in touch!