Security and Data Protection

Resources

Fullpilot takes the security of your data and connected services seriously. This guide outlines our approach to security and the measures we take to protect your information.

Data Security Principles

Fullpilot follows these core principles for data security:

  1. Minimization: We only collect and process the data necessary to provide our services
  2. Encryption: All sensitive data is encrypted in transit and at rest
  3. Least Privilege: Access to systems and data follows the principle of least privilege
  4. Transparency: We are clear about how we use and protect your data
  5. Compliance: We adhere to relevant security and privacy regulations

How We Protect Your Data

Secure Infrastructure

  • Fullpilot is built on cloud infrastructure with comprehensive security controls
  • Integration data is stored in SOC 2 compliant data centers
  • Network security includes firewalls, intrusion detection, and regular vulnerability scanning
  • Continuous monitoring for suspicious activities and potential threats

Data Encryption

  • All data in transit is encrypted using TLS 1.2+
  • All sensitive data at rest is encrypted using AES-256
  • Database encryption for all stored credentials and sensitive information
  • Secure key management with regular rotation

Integration Security

When connecting to third-party services, Fullpilot:

  1. Uses OAuth 2.0 where available for secure authorization without accessing passwords
  2. Stores encrypted tokens rather than credentials
  3. Requests only the minimum permissions required for the integration
  4. Provides clear information about the permissions being requested
  5. Allows you to revoke access at any time
  6. Regularly validates and refreshes connection tokens

User Authentication

  • Robust authentication mechanisms with password strength requirements
  • Support for multi-factor authentication (MFA)
  • Secure session management with appropriate timeout controls
  • Rate limiting to prevent brute force attacks
  • Secure password reset mechanisms

Data Processing

Automation Execution

When your automations run:

  • Data is processed in secure, isolated environments
  • Temporary data is removed after execution completes
  • Logs are anonymized and stored securely
  • Access to execution environments is strictly controlled

AI Processing

When using AI capabilities:

  • We do not train our models on your private data
  • Content processed by AI is not retained beyond what's necessary to provide the service
  • You maintain ownership of your data and generated outputs

Compliance and Certifications

Fullpilot is designed with compliance in mind:

  • GDPR Compliance: We provide mechanisms to help you meet GDPR requirements for data stored in Fullpilot
  • SOC 2: Our infrastructure providers maintain SOC 2 certification
  • Regular Audits: We conduct regular security audits and assessments

Your Security Responsibilities

While we secure the platform, there are steps you should take to ensure the security of your automations:

  1. Credential Protection: Keep your Fullpilot login credentials secure
  2. Permission Review: Regularly review the permissions granted to Fullpilot in connected services
  3. Access Management: Manage team member access appropriately and remove access when no longer needed
  4. Automation Review: Regularly review automated workflows for security implications
  5. Data Sensitivity: Be mindful of the types of data you process through automations

Data Retention and Deletion

  • Automation Data: Data processed in automations is retained according to our data retention policy
  • Account Deletion: When you delete your account, your data is removed according to our deletion timeline
  • Data Export: You can export your data at any time

Breach Notification

In the unlikely event of a security breach that affects your data:

  1. We will notify you promptly with details of the breach
  2. We will work diligently to mitigate any potential harm
  3. We will provide clear guidance on steps you may need to take

Security Updates

We continuously improve our security measures:

  • Regular security patches and updates
  • Proactive monitoring for emerging threats
  • Continuous enhancement of security controls

Reporting Security Concerns

If you discover a security vulnerability or have security concerns:

  1. Email security@fullpilot.com with details
  2. Our security team will investigate promptly
  3. We follow responsible disclosure practices

Security Documentation

For more detailed security information:

Privacy PolicyTerms of Service