We have completed our SOC 2 Type 2 audit with third-party audit firm A-LIGN. Our SOC 2 covers the Security, Availability, and Confidentiality trust criteria. We have not yet completed an ISO/IEC 20071 certification.

We work with enterprise customers to meet their compliance obligations. For example, we can represent our security practices in enterprise contracts.

For access to our SOC 2 Type 2 report and other confidential security information, contact [email protected].

Our services are HIPAA-eligible – they can be configured and used in a way that is HIPAA compliant. The most common way is to configure our services to not access pages with Protected Health Information (PHI), or to only transmit PHI directly between the user's browser and a HIPAA compliant service.

We work with enterprise customers to meet their HIPAA compliance obligations. For example, we are able to execute Business Associate Agreements (BAAs) and represent our security practices.

We are currently exempt from and do not attest to compliance with all provisions of the California Consumer Privacy Act (CCPA). However, we do comply with most of the provisions and are working to officially attest to compliance.

Our Privacy and Security Policy enumerates what personal information we collect and how it is used. We never sell your personal information, so there's nothing to opt-out of. To request what information we have about you, or to delete your account and personal information, contact  [email protected].

Yes, we are GDPR compliant. For our standard Data Processing Agreement (DPA), refer to our Terms and Conditions.

Data is processed in the United States and EU under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
‍
Additionally, we are able to execute custom Data Processing Agreements (DPA) with enterprise customers to ensure they meet their GDPR and compliance obligations. For more information, contact [email protected] or your Account Executive.

To make a Data Subject Access Request (DSAR), contact [email protected]

We created PixieBrix for the exclusive use of adults (18 and older). We don’t knowingly collect or solicit personal information from children. If you are a child under 18, please do not attempt to register for our products or send any personal information to us.

We do not have a bug bounty program and do not pay monetary rewards for reporting security vulnerabilities. If you discover a vulnerability, please follow our Responsible Disclosure instructions.