Chili Piper Security

Chili Piper automates booking, call routing, meeting reminders & re-scheduling for sales teams.

Chili Piper uses the most advanced security measures to protect data about Chili Piper Users, Visitors and Contacts. Chili Piper operates as a workflow tool between Google Apps/Microsoft 365 calendars and Salesforce, via API access only (using OAuth 2.0 on both sides).

These systems remain the systems of record. Chili Piper only stores a copy of the events it creates, with meeting time, title, location, description, and guest lists.

Optionally, Chili Piper integrates with other apps in three different ways: Via API for conferencing systems like GoToMeeting & Zoom and phone systems like Twilio, Via a Chrome Extension for UI display for tools like Outreach, Salesloft, Gmail, Salesforce, and Via an Add-in for MS Outlook.

Database Security

We host your data in its own secure database on MongoDB. Only our CTO and system administrator have access to databases, for technical purposes only, accessed via VPN servers and two-factor authentication.

Logical Security

Each tenant is hosted in a separate database instance. All in-transit data is encrypted with 256 bit SSL. All our operations run at Google Cloud Platform and Kubernetes.

Physical Security

We follow the Google Security model. All our operations run at Google Cloud Platform and Kubernetes. Backups are stored on Amazon S3.

Encryption

We enable encryption of sensitive data both at rest and in transit over public networks. All in-transit data is encrypted with 256 bit SSL.

Data Privacy

We only use customer data to provide our Services; we do not share it with any third party nor use it for marketing purposes.

Data Ownership

Your data is yours - 100%. We won't delete data within your account without informing you and giving you time to export it.

Data Usage

We don't mine or access your data for commercial purposes and only access it to provides our Services.

Salesforce.com Security Review

Chili Piper has successfully completed the Salesforce.com Security Review.

Integrated Services

We use OAuth tokens that are stored at S3 using native encryption.

Data Recovery

We regularly back up your data and provide a maximum 12-hour RTO and RPO.

Privacy & Safety Features

We offer you the ability to control privacy impacting features.

Certifications

Chili Piper is SOC2 Type 2 Compliant

Chili Piper achieved SOC 2 Type II accreditation in November 2018.

GDPR Compliant

Chili Piper is GDPR compliant and we have undergone a readiness assessment by an independent third party. Please see Exhibit A of our terms and conditions for more details on GDPR compliance.

Frequently asked questions

As a Chili Piper customer, you own and control your data. Your calendar and Salesforce remain a system of record. We do not use your data for anything other than providing you with the service to which you have subscribed.

We commit to a number of privacy and security measures in the data processing terms of your agreement.

Chili Piper servers are currently hosted in multiple Google Cloud servers across the United States.

Yes - we use Amazon S3. Sensitive customer data is encrypted at rest and when traversing over public networks.

Security is one of the most important design principles and features of Chili Piper. Our focus on security spans hardware, software development using OWASP secure coding practices, policies and controls, and verification by independent auditors.

When it comes to security features, there are broadly two types of categories: 1) built-in security and 2) customer controls. Built-in security represents all the measures that we take on behalf of all our customers to protect your information and run a highly available service. Customer controls are features that enable you to customize Chili Piper to meet the specific needs of your organization.

You own your data and retain all rights, title, and interest in the data you store with Chili Piper. During and for 30 days after your subscription, you may migrate your data at any time and for any reason, without assistance from Chili Piper.

We do inform you if there are any important changes to the service with respect to security, privacy, and compliance. This information is delivered via our in-app notification system. We also promptly notify you via email if your data has been accessed improperly.

We do share important aspects of data storage, such as where your data resides in terms of geographic location, who at Chili Piper can access it, and what we do with that information internally. The data processing terms of your agreement also covers how we are allowed to use your data in detail.

Our position on access to your data is:

Access to customer data is strictly controlled and logged, and sample audits are performed by both Chili Piper and third parties to attest that access is only for appropriate business purposes. We recognize the extra importance of our customers' content.

Chili Piper includes data processing terms in our customer agreements. We are also attached to an EU Data Protection Addendum (including model clauses) through Google Cloud.

We apply best practices in design and operations, such as redundancy, resiliency, distributed services, and monitoring—to name a few.

All data you store in Chili Piper is fully backed up with tested and certified disaster recovery processes in place. The backup of data and disaster recovery is handled by Chili Piper. Our current RTO and RPO times are within 12 hours.

This article shows you the Chili Piper data flow: https://support.chilipiper.com/article/329-chili-piper-data-flow.

Report incidents to support@chilipiper.com.