Security policy
Certifications
Piiano has a SOC2 certification and Vault has a PCI certification.
Our approach to security
We work hard to ensure the security of our products. We follow an SDLC (secure development life cycle) process in our R&D. The steps we take to ensure product security include penetration tests, automated scans, and internal and external reviews of the code, secure design, and architecture. However, vulnerabilities may still be discovered in Vault or one of its dependencies.
Vulnerability reporting and fixing
If you discover a vulnerability in Vault, please inform us at security@piiano.com. We make small awards, at our discretion, for correct and legitimate reports.
We fix vulnerabilities discovered in any dependencies as part of the regular release cycle. All dependencies are updated and checked for vulnerabilities during a release using automated tools. If a critical vulnerability is found, we will issue an urgent update for Vault to fix the vulnerability and inform all users when necessary.