Security and Compliance
Our security and compliance controls overview is available on .
For enterprise customers, our sales team can provide the following resources to expedite security review:
SOC 2 Type 2 report covering security, availability, and confidentiality from
Independent Penetration Test report from
Google Cloud Application Security Assessment (CASA) report from
Company policies and controls
PixieBrix uses to continuously monitor our compliance posture.
PixieBrix includes a built-in integration with OpenAI for use with mods you create. However, PixieBrix mods can be configured to call any generative AI provider, including , , or on-premise LLMs.
When using the default OpenAI integration:
OpenAI DOES NOT use your data to train or improve its models
OpenAI retains data for up to 30 days for abuse investigation
Traffic is transmitted through the PixieBrix API Gateway, which does not store request data. The API Gateway stores request metadata (e.g., organization, user) for use with .
For more information, see the .
If you do not want traffic transmitted through the PixieBrix API Gateway, you can bring your own OpenAI API key and either:
Configure the integration with "pushdown" (see Integration Scenarios), or
Set up your own API Gateway/endpoint for requests
See Integration Scenarios for more integration options, e.g., OAuth2 PKCE.
Security
Availability
Confidentiality
The Google Chrome Web Store team reviews the extension prior to publishing in the Chrome Web Store
PixieBrix does not transmit/store browsing data unless you build mods that transmit that data to us (e.g., for Storing Data with Team Databases).
Data is processed in the United States under the EU-US Data Privacy Framework. See Is PixieBrix GDPR compliant? for more information.
Yes, we are GDPR compliant. For our standard Data Processing Agreement (DPA), refer to our Terms and Conditions.
Data is processed in the United States under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as our UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
FADP Article 14 Representative
Pursuant to Article 14 of the FADP, we have appointed EDPO Switzerland as our Representative in Switzerland. You can contact EDPO Switzerland regarding matters pertaining to the FADP:
by writing to EDPO Switzerland at Rue de Lausanne 37, 1201 Geneva, Switzerland
PixieBrix Enterprise customers may also request access to our built-in , which . To request access, contact your account manager.
PixieBrix has completed a SOC-2 Type 2 with covering the following trust criteria:
You can find an .
Annual Penetration Test: our latest independent penetration test report by is available upon request
PixieBrix completed the audited by
Our browser extension is
PixieBrix servers are managed by and in the United States.
We are able to execute custom Data Processing Agreements (DPA) with enterprise customers to ensure they meet their GDPR and data protection obligations. For more information, contact or your Account Executive.
To make a Data Subject Access Request (DSAR), contact
by using EDPO’s online request form:
by using EDPO’s online request form:
by using EDPO Switzerland's online request form: