Security & Compliance Guidelines

This document highlights the security measures and protocols we have put in place to ensure our customers’ data is secure.

Written by Patrick Monnot
Updated over 2 weeks ago

Overview

At Pod, we’re building the best pipeline intelligence platform for account executives. Our mission is to (A) help them manage their pipeline smarter and (B) provide a consolidated way to manage their workflow. To achieve this goal, we integrate with a variety of existing sales systems that our users already rely on. We are dedicated to handling our customers’ sensitive data responsibly and to adhering to best-practice standards of security and data compliance across the application.

You’ll find below a list of security measures we’ve taken to keep our users (and ourselves!) safe:

1. Google security assessment

A 3rd party firm, appointed by Google, conducts a full end-to-end security audit of the Pod platform. Their assessment is based on:

  • Intelligence-Led External Network Infrastructure Penetration Testing

  • Internal Network Infrastructure Penetration Testing

  • Intelligence-Led Application Penetration Testing

  • Cloud or On-premises deployment environment security assessment and control validation

  • Information Security policies and procedures review

The certification is renewed on a yearly basis.

2. GDPR Compliance

We are committed to safeguarding personal data in compliance with the General Data Protection Regulation (GDPR). Our data processing activities adhere to the following principles:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.

  • Purpose Limitation: Data is collected only for specified and legitimate purposes.

  • Data Minimization: We collect only data that is necessary for its intended purpose.

  • Accuracy: We ensure personal data is accurate and kept up to date where necessary.

  • Storage Limitation: Data is retained only for as long as necessary for its purpose.

  • Integrity and Confidentiality: We use appropriate measures to protect data against unauthorized access or loss.

We have implemented robust data protection policies and procedures, including conducting Data Protection Impact Assessments when necessary, to uphold these principles and ensure ongoing compliance with GDPR requirements.

3. OAuth-driven Authentication

When connecting to 3rd party systems (e.g., Salesforce, GSuite), we leverage their OAuth-based authentication option. Users therefore never give Pod access to their credentials (i.e., username, password), which eliminates the risk that our users’ credentials get compromised (or accessed) through Pod by a malicious party. Additionally, we’re currently in the final steps of obtaining Google Verified App certification - which would add yet another feather of security & reliability to Pod’s cap. As an example, in order to connect their Salesforce or Google Suite accounts, users enter their credentials in a pop-up window controlled by the 3rd party application (i.e., Salesforce, Google). Through this service, the users then grant Pod permission to access their data; Pod receives only the resulting access token, never the password itself.

4. Minimal data storage from third-party sources

We understand that these systems host sensitive information. When our users integrate their Salesforce or GSuite instances, we take an ‘as-needed’ approach to data storage to reduce any data leakage or exposure risk. We only keep the bare minimum of data needed to (A) speed up the platform and reduce latency in the user experience and (B) generate specific AI recommendations.

5. HTTPS Protocol

All our API requests & responses are sent and received using the HTTPS protocol (rather than plain HTTP), which encrypts request/response data in transit and protects it against eavesdropping and man-in-the-middle tampering.

6. Database encryption

We protect user-generated data in Pod (such as tasks, documents, and preferences) by using encryption at rest, including for all backups. This ensures that, even in the rare event of a security breach in which storage media or a backup is accessed without authorization, the data it holds remains encrypted and the risk of exposure is greatly reduced.

7. Background checks

To maintain a secure and compliant environment, all employees, contractors, and third-party vendors (collectively referred to as "users") with access to sensitive information or critical systems of our application must undergo thorough background checks before being granted access.

8. Multi-factor authentication (MFA) for infrastructure access & User Management

To ensure that malicious individuals aren’t able to access our application’s codebase or servers, we’ve enabled multi-factor authentication on that infrastructure access. We also implement strict user management protocols to protect user data, granting access to sensitive information only to authorized personnel based on their job roles.

9. DDoS protection

To safeguard our platform and ensure uninterrupted user access, we utilize DDoS (Distributed Denial of Service) protection services provided by Cloudflare. This robust protection helps us detect and mitigate malicious traffic, preventing disruptions and ensuring a secure and reliable experience for all users.

10. Software development best practices

In addition to the above guidelines, we ensure that we stay mindful of security best practices as part of our engineering processes. For example, we use environment variables to store sensitive information (e.g., credentials, keys) rather than committing it to the codebase. Also, we only request access to the minimum required amount of information from external sources. We consistently review and upgrade our security guidelines to ensure our approach to managing customer information aligns with a best-in-class security & compliance approach.

Efforts towards SOC 2 / ISO 27001

At Pod, we are making continuous and deliberate efforts to achieve SOC 2 and ISO 27001 compliance. This involves implementing and refining robust security policies, conducting regular risk assessments, and enhancing our internal processes to align with these frameworks. We are actively investing in advanced tools and technologies to strengthen our security posture and conducting internal audits to identify and address any gaps. Additionally, we are fostering a culture of security awareness through regular team training and clear accountability. These ongoing actions are designed to ensure that we meet the stringent requirements of SOC 2 and ISO 27001 as we move closer to full compliance.
