Data Security & Privacy

PI.EXCHANGE runs on Google Cloud Platform (GCP). GCP upholds the highest security standards. All data is hosted in a secure GCP facility that is SOC 2, ISO 27001, ISO 27017, ISO 27701 and CSA compliant.

Data is encrypted in transit (TLS) and at rest provided by the Google Cloud Storage Server-Side Encryption. To process data it is securely accessed with a secure connection using TLS v3 encryption.

No data provided by the user is copied or transmitted for any purpose other than preparing data, training models, generating predictions based on a trained model, or as otherwise required to support the user or via a consulting engagement with the Advanced AI Services.

Trained models, input data, and predictive outputs are only accessible to the customer, with a small amount of metadata used for product enhancements. No data about the model is shared or used outside of this purpose.

All access to the platform is authenticated. To authenticate users use a signed and encrypted access token that is obtained after entering an 8-character (or more) password that consists of at least one: number, lowercase letter, uppercase letter, and special character then verifying their email.

PI.EXCHANGE uses a Role-Based Access Control (RBAC) model for managing data and related assets within the product at 2 levels: organization and project level. A user’s data, projects, and models are segregated from other accounts and users as defined by the RBAC system.

PI.EXCHANGE runs on secure and access-controlled multi-tenant environment only accessible via secured portals and APIs. This includes the API for the SDK and prediction API of the deployed models. We apply a Zero Trust Security model in our approach to the design and implementation of systems.

We do not store and transfer data outside of the client's chosen environment. If it is an on-premise deployment data is encrypted in transit and at rest provided by the MinIO Server Side Encryption. If it is a private cloud deployment we utilize the client's S3-compatible services.

PI.EXCHANGE understands that data is an organizations most strategic and vital asset. As such, the security and privacy of data are our highest priorities. Changes to PI.EXCHANGE’s infrastructure is tracked and where there is a security impact is reported to clients.

All actions performed are accessible via logs. This means there is traceability of any user activity. These logs are only exposed to the user with appropriate permissions so internal audits can be performed.

PI.EXCHANGE products are architected and configured to achieve High Available, Fault Tolerance, and for Disaster Recovery requirements. PI.EXCHANGE employs Google Cloud Load Balancing to distribute incoming application traffic across multiple targets, increasing the availability of the application and safeguarding our products from various forms of DDoS attacks.

PI.EXCHANGE ensures security, privacy integrity, and compliance via a Zero Trust and Zero Tolerance model. We follow a well-defined suite of Information Security Policies & Standards that guide the design, development, and operations of the product and services.

Our products are built with a security-by-design approach adhering to OWASP S-SDLC best practices. We employ state-of-the-art protection measures including, but not limited to, privilege account management, centrally managed endpoint protection, intrusion prevention system, and firewalls at different layers and segments of our infrastructure.

We may collect some personal information to better provide support and services to our users through the website and the relevant products. We maintain up-to-date policies including Website Terms of Use, Privacy Policy, User Notices and the EULA.