Piloteer Trust Center
Welcome to Piloteer’s Security & Trust Center. Protecting customer data is foundational to our business. Security, privacy, and reliability are embedded into our infrastructure, development processes, and daily operations. Use this portal to learn about our security posture and compliance alignment, and to request access to relevant security documentation. For any security-related inquiries not addressed here, please contact us at security@piloteer.ai.
Compliance
Resources
Network Security Policy
Consent Withdrawal Policy
Information Security Policy
GDPR Information Security and Access Control Policy
Risk and Governance Executive Committee Charter
Controls
Password rules enforced
Source code access restricted and changes logged
Production access keys restricted and key management services
Access control procedures
Least-privilege access strictly enforced for production infrastructure
Data encrypted at rest
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Data protection impact assessment
Data transfers covered by approved safeguards
Encryption in transit over public networks
Secure connection means utilized
Code of Conduct acknowledged by contractors
Code of Conduct acknowledged by employees
Web application firewalls configuration
Development, testing, production environments separated
Anti-malware monitoring
Intrusion detection tool
Infrastructure firewall
Centralized Log Collection and Monitoring
Automated system capacity and performance monitoring
Incident response procedures documented
Business continuity plans ensure emergency functionality
Business continuity & disaster recovery plans documented and tested
Security incident logging and review
HIPAA Incident Response Policy and Procedures
Documented HIPAA Security Rule policy acknowledgment
Automated decision-making policy
Internal GDPR compliance assessments performed
Visitor sign-in, badging, and escort policy
Downstream compliance requirements with contractors enforced
Technology assets inventoried
Annual risk assessments performed
Documented Vendor Management Program
Age verification and parental/guardian consent process enforced
Consent for processing captured via explicit opt-in mechanisms
Confidentiality Agreement acknowledged by employees
Security awareness training implemented
Background checks performed on employees
Background checks performed on contractors
Records of Processing Activities (RoPA) maintained
Whistleblower mechanism maintained
Multi-availability zones
Notification workflows regarding rectification or erasure maintained
Documentation available to internal and external users
Lawful basis assessment
Automatic Session Timeout Enforcement
Patch management process developed
Board/steering committee bylaws
Removable Media Use Restricted and Encrypted
Disciplinary action enforced
Subprocessors
AWS: Cloud Infrastructure & Platform Services
Recall.ai - The API for Meeting Recording: Custom
OpenAI: AI & ML Services