Security

ProtoPie has been at the forefront of innovation since day one. As more and more companies rely on ProtoPie to prototype their new innovations, we have made security one of our top priorities.

We are committed to protecting your data privacy and securing your most important information. Find an overview of some of our practices to keep your data private and work secure.

Contact us for any security questions.

Keeping Your Work Secure

First and foremost, uploading prototypes to ProtoPie Cloud is optional. It's possible to keep your prototypes off the cloud.

Managing Access to Prototypes

As the owner of a prototype, you control who can access your prototypes in the cloud. Allow anyone, team members, or project members to access your prototypes. Or restrict access by allowing only yourself. Moreover, enable password protection to (externally) share your prototypes securely.

Learn more about managing access to prototypes.

Restricting Public Access to Prototypes

Enterprise plan only.

The service admin can manage public access to all prototypes in the ProtoPie Enterprise environment. If public access has been restricted, it means that editors cannot make their prototypes available to anyone outside of the ProtoPie Enterprise environment.

Learn more about restricting public access to prototypes.

Role-Based Access Control (RBAC)

Team & Enterprise plan only.

It's possible to control access of team members within a team and/or Enterprise environment based on their specific roles (editor or viewer). Service admins, team owners, and team admins can assign and revoke specific roles to/from team members.

Learn more about editors & viewers, team owners & team admins, and service admin.

Single Sign-On (SSO)

Enterprise plan only.

The service admin can configure SSO for their ProtoPie Enterprise environment. With SSO, members can access ProtoPie through an authentication source of choice, e.g., Okta, Auth0, or OneLogin.

ProtoPie Enterprise supports two SSO protocols:

  • SAML 2.0
  • OpenID Connect (OIDC) – on top of OAuth 2.0

Learn more about configuring SSO.

Storing Your Data

Our cloud services generally make use of Amazon Web Services (AWS). Learn more about AWS cloud security.

  • ProtoPie Cloud is hosted in the AWS datacenters in the United States of America.
  • ProtoPie Enterprise Cloud is hosted in a secluded section in the AWS data centers in an available geographical location of your choice.
  • ProtoPie Enterprise On-Premises is self-hosted on a (physical) server within your own organization. We are not able to access your server.

Data Encryption

As we use Amazon S3 by AWS, its server-side encryption makes use of AES-256.

Network

Encrypted Transmissions

Transmissions from/to the browser or ProtoPie Studio to/from our servers utilize an HTTPS protocol. Our servers are equipped with TLS and SSL encryptions to facilitate secure communication and protect against unauthorized tampering.

VPN Connections

When connecting to the AWS systems, we use OpenVPN with SSL/TLS to perform key exchanges and mutual authentication. OpenVPN is firewall and web proxy friendly as encrypted traffic is tunneled via UDP or TCP.

Compliance

Verify the status of our ISO certificates in SGS its certified client directory by entering "Studio XID" as the company name and selecting "Korea, Republic of" as the country.

ISO 27001

Besides being one of the well-known information security standards, ISO 27001 is the sole auditable international standard that defines the requirements of an information security management system (ISMS).

ISO 27701

ISO 27701 is an extension to ISO 27001. This relatively new information security standard provides the framework for companies like ProtoPie to implement policies, procedures, and processes to manage data privacy.

General Data Protection Regulation (GDPR)

ProtoPie complies with the GDPR that went into effect on May 25, 2018. The GDPR gives citizens in the EU more control over their personal data. Regarding the personal data we collect, we are committed to the right to protect you as well as be transparent about why and how we store your personal data.

California Consumer Privacy Act (CCPA)

The CCPA regulates how companies handle personal data of residents of the State of California and provide control over how they use and/or share their personal data. Under the CCPA, ProtoPie is primarily a service provider.

Payment Card Industry Data Security Standard (PCI DSS)

We do not process or store payment data ourselves. Our primary payment providers FastSpring and Paddle, and secondary payment provider PayPal are all compliant with PCI DSS.

Back To Top