Security

Pipemode provides robust analytics, features and tools to enhance data intelligence and outbound and electronic communications between our partners and clients.

Why do we need permission to access your Social Media account?

We ask the user for permission to connect to his or her Social Media account and authenticate that connection via OAuth. This means that each users’ Pipemode account has the same industry-leading login security as their Social Media account. Users can add 2-factor authentication if they choose.

Pipemode requests access to the following Social Network information so that our features can work:

  • Read your email

  • Manage your contacts (Pipemode enables you to create contact groups based on your Social Media contact groups)

  • View your contacts

What information do we collect?

The integration with Social Networks provides Pipemode with access to, for instance, a Google or LinkedIn user’s email and contacts, as described above. However, Pipemode only collects the user’s name and email address, and, while a user is writing a message through our platform, the content of the draft message is stored on our servers. Once the message is sent, we transfer the content back to the user’s Gmail account where it is stored on Google’s servers. In addition, when a user sends an email, the recipient’s email address and IP address are stored on our servers, to provide the user with tracking and analytics.

How do we collect the information?

This is a two-step process. In the first step, Pipemode notifies the user that use of the Pipemode products are subject to the terms of the Pipemode Terms of Service and Privacy Policy each of which describes how we process a user’s data. The user must then click “Activate Pipemode” to proceed to the second step. In the second step, “e.g. Google Apps” provides notice of the types of information that will be accessible by Pipemode and the scope of the authorisation the user is giving to Google and to Pipemode to enable the connection, and the user must click “Allow” to proceed with using the Pipemode platform.

How is user data protected?

Pipemode protects user data throughout the data flows of the Pipemode platform, from account creation and integration through Social Media OAuth services, to encryption of data in transit to Pipemode servers (using browser-based TLS) and encryption of that data at rest (using AES-256), to a variety of administrative, physical, and technical safeguards designed to create a secure environment for our customers’ data. As a result, the Pipemode platform can be implemented within a HIPAA-compliant environment.

We work with industry-leading cloud PaaS and IaaS providers. All Pipemode applications run in a virtual private cloud (VPC) hosted by AWS, including failover and backup instances. User data transferred to Pipemode is hosted by our cloud-based database provider, Mongo, which also store and process the data using industry standard infrastructure. These infrastructure providers maintain industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.

What compliance initiatives do we undertake?

Pipemode has created a robust security program designed to meet the requirements of a ‘business associate’ under HIPAA, including implementation of each of the implementation specifications which underlie the administrative, physical, and technical safeguards required under the Security Rule. In addition, Pipemode has implemented a comprehensive internal security policy and program to regularly review and assess the adequacy of controls we have in place.