SOC 2 Certification
Pipeline CRM is SOC 2 certified. This means our security controls, availability, and data handling practices have been independently audited and verified against the AICPA's Trust Services Criteria.
PCI Compliance
Pipeline CRM is not PCI compliant because PCI compliance requires an external audit, which we do not undergo.
However, we do not store credit card information anywhere in our systems, so PCI compliance is not necessary for our operations.
HIPAA Compliance
Pipeline CRM is not HIPAA compliant and we are not able to sign a Business Associate Agreement (BAA).
If your organization requires HIPAA-compliant software, Pipeline CRM is not the right fit for storing or managing protected health information (PHI). We recommend consulting with your compliance team before using any CRM to handle PHI.
GDPR
Pipeline CRM supports General Data Protection Regulation (GDPR) compliance. Our data practices are designed to give you control over your data, including the ability to edit, export, and request deletion of your records at any time.
For more details, visit our Privacy Policy or our GDPR page.
Where Is Your Data Hosted?
Pipeline CRM data is hosted on servers located in the United States. We use Amazon Web Services to keep your data secure and back up our entire database every four hours.
Data Encryption & Security Practices
- All data is transmitted over HTTPS using TLS encryption.
- Access to your account data is controlled through role-based permissions.
- Admins can manage user access and immediately revoke permissions for inactive users.
- Pipeline CRM performs routine and automated data deletion after account cancellation.
You control your data at all times. You can edit or delete records, export your data to CSV, and request special data removal by contacting our support team with written admin consent.
After account cancellation, your data is retained for 270 days, then permanently deleted.
Need help? Contact support at [email protected].