Security Overview

At ProtoPie, we have always been at the forefront of innovation. As more and more companies trust us to prototype their groundbreaking ideas, we recognize the paramount importance of security. Ensuring the privacy and security of your data is our utmost concern.

Explore the following topics for a comprehensive understanding of our data handling and security measures for Enterprise environments:

Compliance Framework
Learn about our compliance framework and its alignment with industry standards and regulations to ensure the highest data privacy and protection level.
Risk Management
Discover how we proactively identify, assess, and mitigate risks to safeguard your data from potential threats and vulnerabilities.
Data Transit, Storage & Backup
Understand the measures we have in place to secure data during transit, how we store your data with integrity, and our reliable backup procedures to prevent data loss.
Access Control
Explore our rigorous access control mechanisms that allow you to manage and control who can access your prototypes, ensuring confidentiality and data privacy.
Network & ProtoPie Player App Security
Learn about the security measures implemented within our network infrastructure and ProtoPie Player app to protect against unauthorized access and ensure secure interactions.
Physical Security
Discover the stringent physical security measures we have in place to safeguard our facilities and infrastructure against unauthorized access and potential threats.
Incident Report
Stay informed on our incident response plan, including the procedures for detecting, reporting, and responding to security incidents.

Service Architecture

To gain a better understanding of the technical architecture of our solution, please refer to the diagram provided at this link. The diagram visually represents our solution's structure and components, helping you grasp the overall framework.

Regarding coding technologies, we utilize Clojure for the backend side and JavaScript for the front-end side. By leveraging the strengths of Clojure and JavaScript, we can provide a solid foundation for our solution's functionality and user interface, resulting in a secure and dynamic experience for our users.

Keeping Your Work Secure

First and foremost, uploading prototypes to ProtoPie Cloud is optional. By subscribing to our Pro or Enterprise plans, you can easily store prototypes on your local machine.

Privacy Protection

ProtoPie Enterprise Cloud users are provided with a dedicated and private cloud environment. Their data and networks are completely isolated from other users of our solution, ensuring the highest level of confidentiality and control.

We also have a dedicated Data Protection Officer (DPO) who is responsible for ensuring compliance with data protection laws and regulations. The DPO oversees our data protection practices, acts as a point of contact for personal data and privacy concerns, and ensures that we uphold the highest privacy protection standards.

To understand how we handle data mapping in our database, including the identification of database fields, their purpose for collection and processing, and their retention, please refer to our privacy policy.

Managing Access to Prototypes

At ProtoPie, we understand the importance of maintaining control over your prototypes and ensuring that only authorized individuals can access them.

Prototype owners have the flexibility to choose the level of access they want to grant. You can opt to allow unrestricted access, making your prototypes available to anyone with the appropriate link. Alternatively, you can restrict access to selected accounts only. For an added layer of security, we also offer password protection. With this feature, you can securely share your prototypes with external parties by providing them with a password.
Learn more about how to manage access to prototypes.

Restricting Public Access to Prototypes

With our Enterprise plan, the service admin has the capability to manage public access, providing you with full control over who can view and interact with your prototypes.

By restricting public access, editors within your organization can ensure that their prototypes are only accessible to individuals within the ProtoPie Enterprise environment. This means that the sensitive information contained within your prototypes remains protected from unauthorized access.
Learn more about how to restrict public access to prototypes.

Role-Based Access Control (RBAC)

With ProtoPie's Pro and Enterprise plans, we offer advanced access control capabilities through Role-Based Access Control (RBAC). RBAC allows you to have fine-grained control over the permissions and privileges of team members within your organization.

You can assign specific roles to team members, such as editors or viewers, based on their responsibilities and requirements. This ensures that each team member has the appropriate level of access to the cloud environment. These roles can be revoked as needed, enabling efficient management of access rights.
Learn more about editors & viewers, team owners & team admins, and service admin.

Single Sign-On (SSO)

SSO is supported for companies on our Enterprise plan. The service admin is responsible for configuring SSO for the enterprise environment. With SSO, accounts can access the enterprise space through the chosen authentication solution (e.g., Okta, Auth0, OneLogin).

These two SSO protocols are supported:

SAML 2.0
OpenID Connect (OIDC) – on top of OAuth 2.0

Learn more about how to configure SSO in your enterprise environment.

Compliance Framework

ProtoPie operates within a stringent compliance framework to ensure adherence to relevant regulations, industry standards, and best practices. This framework serves as a guide for our operations, enabling us to maintain the highest level of legal and ethical conduct.

We are proud to hold ISO 27001 and ISO 27701 certificates, which demonstrate our commitment to information security and privacy management.

To verify the validity and status of our certifications, you can easily visit our protected website at trust.protopie.support for the most up-to-date information.

You will find the latest details about our certifications, including:

ISO/IEC 27001: 2013
ISO/IEC 27701: 2019

ISO 27001

ISO 27001 is a widely recognized information security standard that sets the requirements for implementing an Information Security Management System (ISMS). By adhering to ISO 27001, we demonstrate our commitment to safeguarding your data and mitigating information security risks.

ISO 27701

ISO 27701 is an extension to ISO 27001 that specifically addresses data privacy management. By aligning with ISO 27701, we demonstrate our dedication to protecting your personal and sensitive information, enhancing transparency, and complying with applicable data protection regulations.

General Data Protection Regulation (GDPR)

ProtoPie fully complies with the General Data Protection Regulation (GDPR). The GDPR grants European Union citizens greater control over their personal data. We are committed to safeguarding your personal data, ensuring your rights to privacy and transparency.

California Consumer Privacy Act (CCPA)

ProtoPie also complies with the California Consumer Privacy Act (CCPA), which governs the handling of personal data of California residents. The CCPA empowers you to have a say in how your personal data is used and shared. We are committed to fulfilling our obligations under the CCPA and protecting your privacy.

Payment Card Industry Data Security Standard (PCI DSS)

While we do not process or store payment data ourselves, we work with trusted payment providers who comply with the Payment Card Industry Data Security Standard (PCI DSS). Our primary payment providers, FastSpring and Paddle, as well as our secondary payment provider, PayPal, adhere to the rigorous security requirements of PCI DSS. This ensures that your payment information is handled with the highest level of security and confidentiality.