Compliance is the baseline. We're committed to protecting the creative work that our customers trust us to store. We are aiming beyond regulatory requirements and work hard to keep your ideas, data and projects confidential and secure.

Security Summary

  • Hosted in the EU

  • GDPR Compliant

  • SAML-based SSO

  • IP Restriction and account locking

  • Multi-layer encryption

  • Full range of user permissions


All user data is transported securely, as all traffic is encrypted in transit via SSL. Encrypting data in transit protects it from unauthorised snooping, modification, and man-in-the-middle attacks. We use 256-bit SSL/TLS.1.2 encryption, utilising both the ECDSA and RSA algorithms.

Cloud & Data Centre Security

Our hosting environment is fully-redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for its data centers, including ISO 27001 compliance, PCI certification, and SOC. Picflow is hosted on Amazon Web Services (AWS), which means that we’ve built on a foundation of security from the start. We’ve bolstered our cloud security by implementing all AWS best practices, such as multi-factor authentication (MFA), robust password protection, password and access key rotation, and vulnerability and patch management.

EU Hosted Infrastructure

The Picflow Platform infrastructure is hosted on servers based in the European Union. This allows us to meet specific regulatory and compliance requirements of organisations in Europe, including financial institutions, consultancies and government entities. Our data center provider AWS maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO27001. In addition all data is encrypted both in transit and at rest using strong encryption.

GDPR Commitment

We are committed to comply with the General Data Protection Regulation, and meeting our legal obligation by helping our customers become compliant.

Payments & Credit Cards

Picflow does not store any credit card information. We have partnered with Stripe for credit card processing which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available to the payments industry.

Something we haven't covered? Get in touch!

Did this answer your question?