Chili Piper Security

Data privacy and security is embedded in every part of our business. Visit our Security Portal to understand the details for several of the frameworks, regulations, and certifications that apply to our company and its products.

Database Security

We host your data in its own secure database on MongoDB. Only our CTO and system administrator have access to databases, for technical purposes only, accessed via VPN servers and two-factor authentication.

Logical Security

Each tenant is hosted in a separate database instance. All in-transit data is encrypted with 256 bit SSL. All our operations run at Google Cloud Platform and Kubernetes.

Physical Security

We follow the Google Security model. All our operations run at Google Cloud Platform and Kubernetes. Backups are stored on Google Cloud Storage.


We enable encryption of sensitive data both at rest and in transit over public networks. All in-transit data is encrypted with 256 bit SSL.

Data Privacy

We only use customer data to provide our Services; we do not share it with any third party nor use it for marketing purposes.

Data Ownership

Your data is yours - 100%. We won't delete data within your account without informing you and giving you time to export it.

Data Usage

We don't mine or access your data for commercial purposes and only access it to provides our Services. Security Review

Chili Piper has successfully completed the Security Review.

Integrated Services

We use OAuth tokens that are stored at S3 using native encryption.

Data Recovery

We regularly back up your data and provide a maximum 12-hour RTO and RPO.

Privacy & Safety Features

We offer you the ability to control privacy impacting features.


Chili Piper is SOC2 Type 2 and ISO 27001 Compliant

Chili Piper has achieved SOC 2 Type 2 and ISO 27001 accreditation.

GDPR Compliant

Chili Piper has taken the necessary measures to be GDPR compliant. Please see Exhibit A of our terms and conditions for more details on GDPR compliance.

Frequently asked questions

Who owns the data we store in Chili Piper? Will you use our data to build advertising products?

As a Chili Piper customer, you own and control your data. Your calendar and Salesforce remain a system of record. We do not use your data for anything other than providing you with the service to which you have subscribed.

Do you offer privacy controls in your service?

We commit to a number of privacy and security measures in the data processing terms of your agreement.

Where is our data stored?

Chili Piper servers are currently hosted in multiple Google Cloud servers across the United States.

Is our data encrypted?

Yes - we use Amazon S3. Sensitive customer data is encrypted at rest and when traversing over public networks.

What is your approach to security and which security features do you offer to protect your service from external attacks?

Security is one of the most important design principles and features of Chili Piper. Our focus on security spans hardware, software development using OWASP secure coding practices, policies and controls, and verification by independent auditors.

When it comes to security features, there are broadly two types of categories: 1) built-in security and 2) customer controls. Built-in security represents all the measures that we take on behalf of all our customers to protect your information and run a highly available service. Customer controls are features that enable you to customize Chili Piper to meet the specific needs of your organization.

Can we get our data out of your service?

You own your data and retain all rights, title, and interest in the data you store with Chili Piper. During and for 30 days after your subscription, you may migrate your data at any time and for any reason, without assistance from Chili Piper.

Will you inform us when things change in the service, and will you let us know if our data is compromised?

We do inform you if there are any important changes to the service with respect to security, privacy, and compliance. This information is delivered via our in-app notification system. We also promptly notify you via email if your data has been accessed improperly.

Are you transparent with the way you use and access our data?

We do share important aspects of data storage, such as where your data resides in terms of geographic location, who at Chili Piper can access it, and what we do with that information internally. The data processing terms of your agreement also covers how we are allowed to use your data in detail.

Our position on access to your data is:

Access to customer data is strictly controlled and logged, and sample audits are performed by both Chili Piper and third parties to attest that access is only for appropriate business purposes. We recognize the extra importance of our customers' content.

What kind of commitments do you have with respect to security and privacy?

Chili Piper includes data processing terms in our customer agreements. We are also attached to an EU Data Protection Addendum (including model clauses) through Google Cloud.

How do you ensure that your service is reliable?

We apply best practices in design and operations, such as redundancy, resiliency, distributed services, and monitoring—to name a few.

Is our data backed up? Are there disaster recovery tools in place?

All data you store in Chili Piper is fully backed up with tested and certified disaster recovery processes in place. The backup of data and disaster recovery is handled by Chili Piper. Our current RTO and RPO times are within 12 hours.

How do you connect with Salesforce?

This article shows you the Chili Piper data flow:

Where can I report incidents?

Report incidents to