Skip to main content
All CollectionsTerms & PolicIies 🔖
Security & Compliance Guidelines
Security & Compliance Guidelines

This document highlights the security measures and protocols we put in place to ensure our customers’ data is security.

Patrick Monnot avatar
Written by Patrick Monnot
Updated over a week ago

Overview

At Pod, we’re building the best pipeline intelligence platform for account executives. Our mission is to (A) help them manage their pipeline smarter and (B) provide a consolidated way to manage their workflow. To achieve this goal, we integrate with a variety of existing sales systems our users. We are dedicated to handling our customers’ sensitive data and adhere to best-practice standards of security and data compliance across the application.

You’ll find below a list of security measures we’ve taken to keep our users (and ourselves!) safe:

0. Google security assessment

A 3rd party firm, appointed by Google, conducts a full end-to-end security audit of the Pod platform. Their assessment is based on:

  • Intelligence-Led External Network Infrastructure Penetration Testing

  • Internal Network Infrastructure Penetration Testing

  • Intelligence-Led Application Penetration Testing

  • Cloud or On-premises deployment environment security assessment and control validation

  • Information Security policies and procedures review

The certification is renewed on a yearly basis.

1. OAuth-driven Authentication

When connecting to 3rd party systems (i.e., Salesforce, GSuite), we leverage their OAuth-based authentication option. This way, users will never give Pod access to their credentials (i.e., username, password). This way, we eliminate the risk that our users’ credentials get compromised (or accessed) through Pod by a malicious party. Additionally, we’re currently in the final steps of obtaining Google Verified App certification - which would add yet another feather of security & reliability to Pod’s cap. As an example, in order to connect their Salesforce or Google Suite accounts, users enter their credentials in a pop-up window controlled by the 3rd party application (i.e., Salesforce, Google). Through this service, the users then grant Pod permission to access their data.

2. Minimal data storage from third-party sources

We understand that these systems host sensitive information. When our users integrate their Salesforce or GSuite instances, we take an 'as-needed' approach to data storage to reduce any data leakage or exposure risk. We only keep the bare minimum data to (A) speed up/reduce the latency in the platform's user experience and (B) generate specific AI recommendations.

3. HTTPS Protocol

All our API requests & responses are sent and received using the HTTPS protocol (rather than HTTP), which encrypts request/response data and prevents potential man-in-the-middle attacks.

4. Database encryption

We protect user-generated data in Pod—such as tasks, documents, and preferences—by using encryption at rest, including for all backups. This ensures that, even in the rare event of a security breach, any accessed data remains encrypted and the risk of exposure is greatly reduced.

5. Background checks

To maintain a secure and compliant environment, all employees, contractors, and third-party vendors (collectively referred to as "users") with access to sensitive information or critical systems of our application must undergo thorough background checks prior to being granted access

6. Multi-factor authentication (MFA) for infrastructure access & User Management

In order to ensure that malicious individuals aren’t able to access our application’s codebase or servers, we’ve enabled multi-factor authentication. We also implement strict user management protocols to protect user data, granting access to sensitive information only to authorized personnel based on their job roles.

7. DDOS protection

To safeguard our platform and ensure uninterrupted access for our users, we utilize DDoS (Distributed Denial of Service) protection services provided by Cloudflare. This robust protection helps us detect and mitigate malicious traffic, preventing disruptions and ensuring a secure and reliable experience for all users.

8. Software development best practices

In addition to the above guidelines, we ensure to stay mindful of security best practices as part of our engineering processes. For example, we use environment variables to store sensitive information (i.e., credentials, keys). Also, we only request access to the minimum required amount of information from external sources. We consistently review and upgrade our security guidelines to ensure our approach to managing customer information is in line with the best-in-class security & compliance approach.


💡 Need help? Send us a message via the in-app chat or email us at [email protected].

🤝 Want to talk to someone? Book a session with one of our specialists!

Did this answer your question?