Committed to keeping your data safe and secure.
We host our servers in a secure data center and use the latest security practices to protect customer data.
At Piik, we understand that you are entrusting us with one of your most valuable assets - the financial data of your company or client. We take this responsibility very seriously and strive to provide a secure environment for your data.
Data ownership and deletion
You own your data, and we are the caretakers. We ensure that we have the necessary controls to manage access to your data. When you delete a company from Piik, we delete any associated access tokens to ensure we can no longer access your data. The data will exist in our offsite backup for a period of time and then be removed, ensuring no data remains with Piik.
Hosting and physical security
Piik is hosted on Microsoft Azure, a highly scalable cloud computing platform with end-to-end security and privacy features built in. We take additional measures to maintain a secure infrastructure and application environment. For more specific details regarding Azure security, please refer to http://azure.microsoft.com/en-us/support/trust-center/.
User access and identity management
We use Auth0 for identity and user access management. No usernames or passwords are stored on Piik servers. To access Piik, all users securely identify themselves through their login credentials on Auth0, or using social logins via Google or Microsoft accounts. For more specific details regarding Auth0 security, please refer to https://auth0.com/security/.
Within each account, Piik provides multiple levels of access to confidential customer data. You can invite or remove individual users from your account whenever you want.
We partner with Stripe to manage payments on Piik. Stripe is certified as a PCI Level 1 Service Provider. Piik does not have access to customer credit card data at all. For more information on Stripe security, please refer to https://stripe.com/docs/security/.
Data protection and backup
The availability of your data is crucial to your use of Piik. We back up and encrypt your data (256-bit AES encryption) before moving it to a secure offsite location in a secondary data center. This means that in the event of a disaster or an outage at our primary data center, we can recover quickly and continue to provide Piik from a geographically redundant secondary facility.
Company-specific data is kept separate through logical separation at the data tier, based on application-level access permissions and roles. Piik contains redundancy in as many areas as possible to avoid and recover from failure. This includes a load-balanced and clustered environment with automatic recovery on physical hardware failures.
We hope this overview of our security measures provides you with peace of mind while using Piik. We are committed to ensuring the confidentiality, integrity, and availability of your data. If you have any questions or concerns, please contact us at support[@]piik.io.