PieEye Trust Center — FAQ

Answers to common questions about privacy, security, and compliance.

Platform & Data Handling

  • Where does PieEye process customer data?

    PieEye processes customer data using secure cloud providers such as AWS and GCP. Primary data storage is in the United States, with the option to configure EU processing where required. We ensure subprocessors provide equivalent security and privacy protections.

  • Do you use my customer data to train AI models?

    No. PieEye never uses customer data to train AI models. Customer data is only used to deliver contracted services.

  • How does PieEye handle subprocessors?

    We maintain a list of approved subprocessors (AWS, GCP, Cloudflare, Stripe, etc.) with clear roles and regions. Customers can request the full subprocessor list on the Trust Center. Material changes are communicated in advance.

Privacy Compliance (Notice & Consent)

  • How does PieEye support GDPR and CCPA compliance?

    PieEye provides automated workflows for cookie consent, data subject access requests (DSARs), and regional compliance notices. Our tools help customers meet their obligations under GDPR, CCPA/CPRA, and other global privacy laws.

  • Can people opt out or make a DSAR via PieEye?

    Yes. PieEye enables companies to publish DSAR forms and opt-out mechanisms. Requests are routed to internal teams and integrated with customer systems for timely fulfillment.

  • Do you support cookie consent banners across regions?

    Yes. PieEye's consent banner includes geolocation detection and automatically displays the correct regional banner and language (e.g., GDPR in the EU, CCPA in California). Preferences are logged and stored according to applicable regulations.

Certifications & Audit Reports

  • Do you have SOC 2 or ISO 27001 certification?

    PieEye has completed SOC 2 readiness, and SOC 2 Type II and ISO 27001 certification are in progress. We can provide mock reports, Statements of Applicability, and certification roadmaps on request.

  • Can I request your SOC 2 or ISO 27001 reports?

    Yes. Under NDA, customers and prospects may request redacted SOC 2 and ISO 27001 artifacts via our Trust Center. Approved requests are fulfilled with signed, expiring links.

  • What is your certification roadmap?

    SOC 2 Type II — in progress (readiness complete); ISO 27001 — in progress; HIPAA BAA — available for covered entity use cases upon completion of certification.

Contracts & Legal

  • Do you provide a Data Processing Agreement (DPA)?

    Yes. PieEye offers a standard DPA covering GDPR, CCPA, and other global requirements. Customers may request a signed DPA via our Trust Center.

  • Will you sign a BAA for HIPAA?

    Yes. PieEye will sign a Business Associate Agreement (BAA) for customers handling healthcare-related data where HIPAA applies.

  • What insurance coverage do you carry?

    PieEye maintains cyber liability and errors & omissions insurance. Certificates of insurance are available via our Trust Center.

AI & Emerging Technologies

  • Will PieEye use customer data for AI training?

    No. PieEye will never use customer data to train or fine-tune AI models.

  • Does PieEye use AI internally?

    Yes, for internal process improvements such as monitoring, automation, and summarization of operational logs. No personal data is shared with AI systems unless explicitly anonymized and approved.

  • Can customers opt out of AI features?

    Yes. Customers may disable optional AI-powered features within PieEye's platform. Compliance and privacy features do not rely on AI.

Other FAQs

  • Are you registered under the EU–US Privacy Framework?

    PieEye currently relies on Standard Contractual Clauses (SCCs) for EU–US data transfers and is evaluating participation in the EU–US Privacy Framework.

  • How can I report a security issue?

    Please email security@pii.ai. We follow a coordinated vulnerability disclosure process and welcome responsible reports.

  • How do you handle incident response?

    PieEye maintains a formal Incident Response Plan with defined severity levels, escalation paths, and communication procedures. Customers will be notified promptly if an incident impacts their data.