Security

Honest security.
No certifications we don't hold.

We protect data with the same rigour we apply to product quality. We don't claim certifications we haven't earned. Below is exactly what we do today.

Pillars

Four things we get right.

In transit & at rest

All traffic to piplead.com and the workspace is served over TLS 1.2 or higher. Data at rest is encrypted via our managed Postgres provider with provider-managed keys.

Access controls

Role-based access with least-privilege defaults. Multi-factor authentication is required for staff access to production. Customer admins manage their own workspace seats.

Audit & monitoring

Administrative actions are logged and retained. We monitor application errors and anomalous access patterns and alert on-call engineers around the clock.

Vulnerability management

Dependencies are reviewed continuously. Critical patches are applied within 7 days; high within 30. Coordinated disclosure: security@piplead.com.

Incident response

Customers notified within 72 hours.

If we confirm a personal-data breach affecting a Customer, we notify the Customer's admin contacts without undue delay and within 72 hours of confirmation. The notification includes what happened, what data was affected, what we have done, and what the Customer should do.

We maintain an internal runbook covering detection, containment, eradication, recovery, and post-incident review. The runbook is reviewed at least annually.

What we don't claim

We don't hold SOC 2 — yet.

We do not currently hold a SOC 2 Type I or Type II report, ISO 27001 certification, or PCI DSS attestation. We will not claim them on this site until they exist and have been independently audited.

For enterprise security reviews we can share: a security whitepaper, the sub-processor list, the DPA, and a completed CAIQ-Lite questionnaire on request.

Coordinated disclosure

Found something? Tell us.

Email security@piplead.com with details, reproduction steps, and your preferred attribution. We commit to a first response within one business day, regular updates while we triage, and a public acknowledgement when fixed (with your permission).


Piplead is a platform operated by Finnect, LLC · 701 Tillery Street #2589, Austin, TX 78702, United States · A B2B service for licensed financial businesses.