Data privacy and security is embedded in every part of our business. Visit our Security Portal to understand the details for several of the frameworks, regulations, and certifications that apply to our company and its products.
Chili Piper has achieved SOC 2 Type 2 and ISO 27001 accreditation.
Chili Piper has taken the necessary measures to be GDPR compliant. Please see Exhibit A of our terms and conditions for more details on GDPR compliance.
Who owns the data we store in Chili Piper? Will you use our data to build advertising products?
As a Chili Piper customer, you own and control your data. Your calendar and Salesforce remain a system of record. We do not use your data for anything other than providing you with the service to which you have subscribed.
Do you offer privacy controls in your service?
We commit to a number of privacy and security measures in the data processing terms of your agreement.
Where is our data stored?
Chili Piper servers are currently hosted in multiple Google Cloud servers across the United States.
Is our data encrypted?
Yes - we use Amazon S3. Sensitive customer data is encrypted at rest and when traversing over public networks.
What is your approach to security and which security features do you offer to protect your service from external attacks?
Security is one of the most important design principles and features of Chili Piper. Our focus on security spans hardware, software development using OWASP secure coding practices, policies and controls, and verification by independent auditors.
When it comes to security features, there are broadly two types of categories: 1) built-in security and 2) customer controls. Built-in security represents all the measures that we take on behalf of all our customers to protect your information and run a highly available service. Customer controls are features that enable you to customize Chili Piper to meet the specific needs of your organization.
Can we get our data out of your service?
You own your data and retain all rights, title, and interest in the data you store with Chili Piper. During and for 30 days after your subscription, you may migrate your data at any time and for any reason, without assistance from Chili Piper.
Will you inform us when things change in the service, and will you let us know if our data is compromised?
We do inform you if there are any important changes to the service with respect to security, privacy, and compliance. This information is delivered via our in-app notification system. We also promptly notify you via email if your data has been accessed improperly.
Are you transparent with the way you use and access our data?
We do share important aspects of data storage, such as where your data resides in terms of geographic location, who at Chili Piper can access it, and what we do with that information internally. The data processing terms of your agreement also covers how we are allowed to use your data in detail.
Our position on access to your data is:
Access to customer data is strictly controlled and logged, and sample audits are performed by both Chili Piper and third parties to attest that access is only for appropriate business purposes. We recognize the extra importance of our customers' content.
What kind of commitments do you have with respect to security and privacy?
Chili Piper includes data processing terms in our customer agreements. We are also attached to an EU Data Protection Addendum (including model clauses) through Google Cloud.
How do you ensure that your service is reliable?
We apply best practices in design and operations, such as redundancy, resiliency, distributed services, and monitoring—to name a few.
Is our data backed up? Are there disaster recovery tools in place?
All data you store in Chili Piper is fully backed up with tested and certified disaster recovery processes in place. The backup of data and disaster recovery is handled by Chili Piper. Our current RTO and RPO times are within 12 hours.
How do you connect with Salesforce?
This article shows you the Chili Piper data flow:
Where can I report incidents?
Report incidents to firstname.lastname@example.org.