Our security and compliance controls overview is available on our website's Security page.

For enterprise customers, our sales team can provide the following resources to expedite security review:

• SOC 2 Type 2 report covering security, availability, and confidentiality from A-LIGN

• Independent Penetration Test report from A-LIGN

• Company policies and controls

PixieBrix uses Drata to continuously monitor our compliance posture.

Frequently Asked Questions

What security certifications do you have?

PixieBrix has completed a SOC-2 Type 2 with A-LIGN covering the following trust criteria:

• Security

• Availability

• Confidentiality

You can find an overview of our controls on our website's Security page.

Has PixieBrix been independently audited?

• Annual Penetration Test: our latest independent penetration test report by A-LIGN is available upon request

• PixieBrix completed the Google Cloud Application Security Assessment (CASA)

• The Google Chrome Web Store team reviews the extension prior to publishing in the Chrome Web Store

• Our browser extension is source-available on GitHub

Where is your Data Stored?

PixieBrix servers are managed by Salesforce Heroku and Amazon Web Services in the United States.

PixieBrix does not transmit/store browsing data unless you build mods that transmit that data to us (e.g., for Storing Data with Team Databases)