Designed for the most demanding environments
Data security and privacy are at the heart of Pinpo. We protect them at every step, so you can focus on what matters most: your business.
Certified and compliant

Data Sovereignty
Data hosted in the European Union
Pinpo is hosted in France at Scaleway, on infrastructure that is ISO 27001 certified and compliant with European regulations.
Your data remains located in the chosen region and is never transferred without your agreement. We guarantee full transparency on our infrastructure and subcontractors, to give you complete control over the location and processing of your data.
Data privacy
Prompts and workspace data are never used to train our models. Our AI subcontractors are bound by strict contractual obligations limiting the use and retention of client data. Your data belongs to you and remains under your control.
GDPR compliance & data processing
A Data Processing Agreement (DPA) is systematically concluded with each client. We ensure complete transparency on the processing carried out on your behalf and on our subcontractors, selected according to strict criteria. Any incident is reported in accordance with regulatory requirements.
Access & Control
Enhanced authentication and granular access control
Multi-factor authentication (MFA) is enabled by default for all users. Access is managed granularly by role and systematically verified server-side. Sessions are secured with configurable expiration rules.
Inactive accounts are automatically deactivated or deleted according to defined policies.
Isolation by design
Each workspace and project is logically isolated.
Client data is strictly compartmentalized and inaccessible between accounts.
Environments are clearly separated and verified before any production release.
Complete traceability of all actions
Every connection, modification and export is recorded in timestamped and non-modifiable audit logs. Administrators can access the complete history of actions by user, agent or organization.
Compliance & AI Governance
A supervised, transparent AI under your control
Compliant with the AI Act, the Pinpo system is neither prohibited (article 5) nor classified as “high risk” (Title III), and falls under a low-risk level.
AI agents operate within a strictly defined framework, with human supervision at all times. A compliance audit is available upon request for Enterprise clients.
Strict control of AI agent actions
AI agents intervene only within the perimeter you have defined. No action outside this framework and no escalation takes place without explicit validation.
You keep total control and can intervene or suspend an agent at any time.
Consent management and anonymization
Any request to opt out (e.g. “STOP”) will result in conversations being stopped immediately and your status being updated in your CRM.
Rules for anonymising personal data can be configured at organisation-wide level, in line with your regulatory requirements.
Continuous Monitoring
Continuous monitoring and abuse detection
The platform is continuously monitored to identify abnormal usage, abuse and any compromise attempts.
Automated mechanisms apply rate limiting and detect suspicious behaviors across all users and environments.
Risky activities are analyzed by our dedicated security and compliance teams.
Automated security analysis
The generated code, dependencies and configurations are updated regularly to eliminate any risks.
Independent security audits and regular assessments further strengthen our controls over time.
Secured infrastructure
Pinpo's infrastructure is built on advanced security standards: data encryption, adaptive rate limiting and network segmentation. All exchanges are secured via HTTPS (TLS 1.3), critical access is strictly controlled, and all activity is continuously monitored to detect and prevent any anomaly.