Chili Piper Security

Data privacy and security is embedded in every part of our business. Visit our Security Portal to understand the details for several of the frameworks, regulations, and certifications that apply to our company and its products.

Database Security

We host your data in its own secure database on MongoDB. Only our CTO and system administrator have access to databases, for technical purposes only, accessed via VPN servers and two-factor authentication.

Logical Security

Each tenant is hosted in a separate database instance. All in-transit data is encrypted with 256 bit SSL. All our operations run at Google Cloud Platform and Kubernetes.

Physical Security

We follow the Google Security model. All our operations run at Google Cloud Platform and Kubernetes. Backups are stored on Google Cloud Storage.

Encryption

We enable encryption of sensitive data both at rest and in transit over public networks. All in-transit data is encrypted with 256 bit SSL.

Data Privacy

We only use customer data to provide our Services; we do not share it with any third party nor use it for marketing purposes.

Data Ownership

Your data is yours - 100%. We won't delete data within your account without informing you and giving you time to export it.

Data Usage

We don't mine or access your data for commercial purposes and only access it to provides our Services.

Salesforce.com Security Review

Chili Piper has successfully completed the Salesforce.com Security Review.

Integrated Services

We use OAuth tokens that are stored at S3 using native encryption.

Data Recovery

We regularly back up your data and provide a maximum 12-hour RTO and RPO.

Privacy & Safety Features

We offer you the ability to control privacy impacting features.

Certifications

Chili Piper is SOC2 Type 2 and ISO 27001 Compliant

Chili Piper has achieved SOC 2 Type 2 and ISO 27001 accreditation.

GDPR Compliant

Chili Piper has taken the necessary measures to be GDPR compliant. Please see Exhibit A of our terms and conditions for more details on GDPR compliance.

Frequently asked questions

Who owns the data we store in Chili Piper? Will you use our data to build advertising products?

Do you offer privacy controls in your service?

Where is our data stored?

Is our data encrypted?

What is your approach to security and which security features do you offer to protect your service from external attacks?

Can we get our data out of your service?

Will you inform us when things change in the service, and will you let us know if our data is compromised?

Are you transparent with the way you use and access our data?

What kind of commitments do you have with respect to security and privacy?

How do you ensure that your service is reliable?

Is our data backed up? Are there disaster recovery tools in place?

How do you connect with Salesforce?

Where can I report incidents?