Pixate Security Policy
Each person and each team using Pixate expects their data to be private, secure and confidential. We understand how important this is to our customers and work to the best of our abilities to ensure all three expectations are met.
By default, anything you post to Pixate is private to your team. That is, viewing assets and specific prototypes within a specific team requires authentication as a member of that team.
The only feature which allows sharing of a prototype outside of your team is the "public sharing" feature for prototypes. Public links can be used to share files with people outside of your Pixate team (though you would still need to send them the link as the URLs are deliberately hard to guess or predict). Once created, public links may be revoked. When you revoke a public link, it will stop working and the prototype will once again be private to your team.
When someone leaves your team, your team administrators can quickly and easily deactivate their account. The account is preserved in a deactivated state so that you may still view the prototypes and assets associated with the account, but that person will no longer be able to log in to Pixate and any sessions they have open at the time will be terminated.
Ensuring that the Pixate service remains secure is vital to protecting our own data. We protect your data with the exact same mechanisms we use to protect our own. The security of your information is required for our success as a business. Below are some details on our security practices.
100% Encrypted Traffic, in Both Directions
Whether you're at your computer or on your phone, absolutely nothing goes over the network in the clear. Pixate uses 256-bit AES, supports TLS 1.2 for all of your messages, and uses the ECDHE_RSA Key Exchange Algorithm. We monitor the security community's output closely and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.
External Security Audits
We contract with respected external security firms who perform regular audits of Pixate to verify that our security practices are sound and to monitor the service in light of new vulnerabilities discovered by the security research community.
Secure Physical Location
Our servers are located in Amazon's AWS data centers and also on Heroku’s managed systems. Each have devoted security measure information on their websites, which you can find here: http://aws.amazon.com/compliance/ and https://www.heroku.com/policy/security.
We regard the information you share within your Pixate instance as absolutely and unconditionally private and confidential. We place strict controls over our employees' access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it.
While the operation of the Pixate service would not be possible unless there were some technical employees with sufficient system permissions to enable them to access and control software that stores and indexes the content you add to your Pixate instance, all are prohibited from using these permissions to view customer data.
All of our employees are bound to our policies regarding customer data and written agreements requiring them to keep all your information confidential, and we treat these issues as matters of the highest importance within our company. If, in order to diagnose a problem you are having with the service, we would need to do something which would expose your data to one of our employees in a readable form, we will always ask you prior to taking action and will not proceed without your permission. Our platform will automatically generate an audit entry of any such access.
We know how important these issues are to you. They are equally important to us. The security, privacy and confidentiality of your information are core to our success as a business and we will continue to be proactive, vigilant and diligent in ensuring its safety.
If you have additional questions regarding data privacy, security or confidentiality we'd be happy to answer them. Please write to email@example.com and we'll respond as quickly as we can.
If you believe you have found a security vulnerability on Pixate, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Note, however, that we do not compensate people for reporting a security vulnerability, and we do not want or permit you to cause or attempt to cause a Denial of Service (DoS) condition or access, destroy or corrupt (or attempt to access, destroy or corrupt) any data, assets or information that does not belong to you.
Report abuse of Pixate services
Please help us keep all of our users safe by reporting people or companies who distribute malware, attempt to compromise our security, or are otherwise abusing our systems. If you would like to report any such activity, please send an email to firstname.lastname@example.org.