1. Secure infrastructure and hosting
We build Piston on the most secure, best-in-class tech foundations.
Regional hosting
Piston operates on secure, industry-leading cloud infrastructure, allowing customers to choose between EU and US regions to meet local data residency and compliance requirements. Your data stays where you need it, fully under your control.
Single-tenant architecture
Each customer benefits from a logically isolated, single-tenant data environment, ensuring that your information remains fully separated from other customers. While infrastructure resources may be shared, your data layer is not; this provides strong isolation, enhanced security, and full control over your environment.
Data centers & network protection
Our servers are housed in ISO 27001 and SOC 2 Type II–certified facilities with robust physical and network security. Firewalls, DDoS protection, and continuous monitoring prevent unauthorized access, and production, staging, and development environments are strictly segregated.
2. Data protection and privacy
We safeguard your data from every angle.
Role-based access control (RBAC)
RBAC with least-privilege policies ensures users access only what they need, reducing risk and keeping permissions clear and manageable.
Single sign-on (SSO) and strong authentication policy
We support SSO and enforce strong password and session policies for seamless, secure access.
Encryption
All connections to Piston are secured with HTTPS/TLS (TLS 1.2+) to ensure data in transit is always encrypted. Data at rest is also encrypted using AES‑256.
Privacy-first AI
Customer data is never used to train AI models. Any data shared with AI providers is minimized, anonymized where possible, and protected under strict contractual agreements.
Permission-aligned AI
AI interactions respect the role and permissions of the user who initiated them. This ensures that AI responses and capabilities are always aligned with the user’s access rights, maintaining consistent enforcement of data access policies.
3. Governance and compliance
We uphold the highest global security standards.
Logging & audit trails
All actions are securely logged, creating a complete audit trail that ensures transparency, supports compliance, and helps quickly identify and resolve any security events.
GDPR & CCPA/CPRA compliance
We adhere to global privacy standards, including GDPR and CCPA/CPRA, to protect your personal data.
Security certifications
We are actively preparing for recognized certifications such as SOC 2 Type II and ISO 27001.
