Security Portal

Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Security Notice OpenSSL 3 Vulnerabilities After careful review of our infrastructure and SBOM, Chili Piper has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

Security Notice regarding Okta - While the SafeBase product allows customers to authenticate using Okta, Chili Piper does not use Okta internally. As a result, we are not affected by the potential security incident related to claims made by the hacking group LAPSUS$. Please reach out to us at security@chilipiper.com if you have any further questions or concerns.

Security Notice regarding the Log4j Java library remote code execution vulnerability (CVE-2021-44228): Chili Piper does not use Log4j and is unaffected by this security vulnerability. Chili Piper uses Logback as our logging framework.

Security Notice regarding the Spring4Shell vulnerability: Starting in April, there has been active exploitation of Spring4Shell (CVE-2022-22965) RCE. Chili Piper is unaffected as we don’t use any Java or Java application servers.

Chili Piper has implemented best-in-class security practices to keep customer data safe. We follow the Google Security model. All our operations run at Google Cloud Platform. Backups are stored on Google Cloud Storage. OAuth tokens are also stored at Google Cloud Storage using native encryption. Each tenant is hosted in a separate MongoDB database instance. All in-transit data is encrypted with 256 bit SSL.

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
SOC 2 Logo
SOC 2
Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Documents

All
Public
Private
Network Diagram
Pentest Report
SOC 2 Report
ISO 27001
SOC 2
SIG Lite
Cyber Insurance
Data Processing Agreement
Master Services Agreement
Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Data Security Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Network Security Policy
Other Policies
Password Policy
Physical Security
Risk Management Policy
Software Development Lifecycle

Risk Profile

Data Access LevelRestricted
Recovery Time Objective< 12 Hours
Recovery Point Objective< 12 Hours
See more

Product Security

Audit Logging
Data Security
Integrations
See more

Reports

Network Diagram
Pentest Report
SOC 2 Report

Self-Assessments

SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bot Detection
Code Analysis
Credential Management
See more

Legal

Cyber Insurance
Data Processing Agreement
Master Services Agreement
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR
Data Center
See more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
See more

Network Security

Data Loss Prevention
Firewall
IDS/IPS
See more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
See more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
See more

Security Grades

Qualys SSL Labs
apps.chilipiper.com
A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered BySafeBase Logo