Security Overview

How we protect your projects

PinPic was built for teams that rely on brand assets and customer data. This page outlines the technical and organizational safeguards we maintain.

Last reviewed: 11 Nov 2024 Security contact: security@pinpic.app

Infrastructure

  • Cloud hosting: All services run on hardened cloud infrastructure with network segmentation and least-privilege access.
  • Data location: Customer content is stored on servers in Germany (EU).
  • Encryption: Data is protected in transit using HTTPS/TLS. At-rest protections are provided by our storage and infrastructure providers.
  • Backups: We maintain operational backups and recovery procedures to support service continuity.

Application security

  • Role-based access controls and secure session management protect dashboard access.
  • Embeds are sandboxed and only load the resources required to render hotspots.
  • Abuse prevention controls protect authentication and API endpoints (for example, CSRF checks, rate limits, and bot protection).
  • Security updates and code changes are deployed regularly as part of ongoing maintenance.

Organizational practices

Training

All employees complete annual security, privacy, and phishing training. Access is revoked immediately upon offboarding.

Vulnerability disclosure

Researchers can report issues to security@pinpic.app. We acknowledge reports within two business days.

Compliance

PinPic supports GDPR data processing terms (including DPA/SCC documentation on request). Contact us for current compliance and security documentation.

Customer responsibilities

Security is a shared responsibility. To keep your account safe:

  • Use a secure email account and control who can request sign-in links for your organization.
  • Limit dashboard access to trusted teammates and review roles regularly.
  • Notify us immediately if you suspect unauthorized access.

Incident response

We maintain a 24/7 on-call rotation. If an incident affects your data, we will notify your account owner without undue delay, provide status updates, and share remediation details once resolved.

Report an issue

Email security@pinpic.app or open a ticket from the dashboard. Include reproduction steps, impact, and any logs you can share securely.