PieEye - Privacy Policy Analysis Made Simple

Scope

Product / Service	SOC 2 Type II	ISO 27001	GDPR/CCPA	HIPAA
PieEye CMP (Cookie Banner)	🔄 In Progress	🔄 In Progress	✅	N/A
PieEye DSAR Automation	🔄 In Progress	🔄 In Progress	✅	✅
PieEye SDK (Mobile Consents)	🔄 In Progress	🔄 In Progress	✅	N/A
PieEye API Integrations	🔄 In Progress	🔄 In Progress	✅	✅
PieEye Admin Console	🔄 In Progress	🔄 In Progress	✅	N/A

Resources

View full library

Policies & Governance (15)

SOC2 Combined Documents
Complete SOC2 documentation package.
Security Operations Center (SOC 2) Compliance Overview
Comprehensive SOC2 compliance overview and requirements.
Asset Management Policy
Asset inventory, classification, and lifecycle management.
Backup Policy
Data backup procedures and recovery protocols.
Business Continuity Plan
Business continuity planning and procedures.
Change Management Policy
Change control processes and approval workflows.
Code of Conduct
Employee code of conduct and ethical guidelines.
Data Protection Policy
Data protection and privacy controls.
Disaster Recovery Plan
Disaster recovery procedures and testing protocols.
Information Security Policy (SOC2)
SOC2-specific information security policy.
Password Policy
Password requirements and authentication controls.
Responsible Disclosure Policy
Vulnerability disclosure and reporting procedures.
Risk Assessment Program
Risk assessment methodology and procedures.
System Access Control Policy
System access controls and user management.
Vulnerability Management Policy
Vulnerability scanning, assessment, and remediation.

Compliance Reports (Redacted Samples) (3)

SOC 2 Type II Mock Report
Redacted sample of SOC 2 Type II report.
ISO 27001 Statement of Applicability
Statement of Applicability for ISO 27001 controls.
Risk Treatment Plan (Summary)
Summary of risk treatment and mitigation strategies.

Audit Reports (3)

ISO 27001:2022 Certificate (In Progress)
Certification body-issued certificate - available upon completion.
SOC 2 Type II Report (In Progress)
Independent Service Auditor's report - available upon completion.
SOC 2 Type I Report (Sample)
Sample point-in-time report for reference.

Misc (3)

Data Processing Agreement (DPA)
Standard DPA (sign-to-access).
W9 — PieEye, Inc.
Tax form for US customers.
Certificate of Insurance
Current insurance coverage certificate.

Other (7)

Pentest Report — Executive Summary
Annual penetration test summary.
PenTest Summary
Detailed penetration testing summary.
Certification Roadmap (Detailed)
Detailed roadmap for security certifications.
ISMS Scope Statement
Information Security Management System scope.
Policy Index
Comprehensive index of all security policies.
Executive Assurance Letter
Executive summary of security posture.
NCA Log Template
Non-Conformity Action log template.

Controls

Updated continuously

View all controls

Infrastructure security

Unique production database authentication enforced
Encryption keys stored and rotated with restricted access
Network security groups and WAF in place
Backups encrypted; restores tested

Organizational security

Asset inventory maintained
Secure asset disposal procedures
Portable media encrypted
Security awareness training (annual)

Product security

Data encryption in transit and at rest
Secure SDLC with mandatory code review
Security testing in CI (SCA/SAST)

Internal security procedures

Business Continuity & DR plans established
Least-privilege access; production deploy access restricted
Incident response playbooks and on-call rota

Data & privacy

Data classification and retention policies
Consent management and DSAR automation
No training on customer data; contractual DPAs

Subprocessors

View all

Name	Role	Region	Products
Amazon Web Services (AWS)	Primary cloud infrastructure (compute, storage, KMS)	US/EU (customer-configurable)	All PieEye services
Google Cloud Platform (GCP)	Analytics / backups / redundancy	Global	All PieEye services
Cloudflare	CDN, DDoS protection, WAF, traffic routing	Global (edge)	All PieEye services
Stripe	Billing and subscription management	US/EU	Subscriptions
SendGrid	Transactional email (notifications)	US/EU	All products (email only)
ClickUp	Project management and task tracking	US/EU	Internal operations
GitHub	Source control & CI	US/EU	Engineering
Slack	Operational communications & alerts	Global	Internal communications

FAQ

Contact support@pieeye.com for moreView all FAQs

Do you use customer data to train AI models?

No. Customer data is never used to train models and is processed solely to deliver services as per our DPA.

Will you sign a DPA or BAA?

Yes. Our standard DPA is available for all customers; BAAs are available for eligible HIPAA workflows on request.

Where is data stored and processed?

Primary storage is US-only by default. EU processing/storage options are available via contract; logs/processing can be regionally restricted on request.

Can we access SOC 2 / ISO evidence?

Yes. Request access via this page. Under NDA we provide the SOC 2 Type II report (when finalized), ISO certificate (when issued), and redacted supporting evidence.

How long do you retain data?

Retention is configurable by customer policy; defaults are documented in our Data Retention Policy. DSAR/erasure is supported programmatically.

How do I report a security issue?

Email support@pieeye.com (PGP key available). We follow coordinated vulnerability disclosure.

Updates

Announcements about certifications, subprocessors, and regions

Sep 2025
Certification Roadmap (Phase 4 in progress)
ISO 27001 Stage 1/2 audit scheduling underway; SOC 2 Type II audit window active.
Aug 2025
ISO 27001 core docs finalized
SoA (93 controls), Risk Treatment Plan, Management Review minutes completed.
Aug 2025
SOC 2 readiness complete
Control operation evidence collected (MFA, access reviews, DR test, vuln scans).
Jul 2025
Subprocessor list updated
Added SendGrid (notifications); clarified regions for AWS/GCP.