At Design Pickle, we know how important security and privacy are when working with your creative files and account information. We take this responsibility seriously by following strict policies, encryption standards, and ongoing security assessments.
This article answers frequently asked questions about how we handle security and privacy within the Design Pickle Platform (DPP).
FAQs
Q: Does Design Pickle have a Data Security Policy?
Yes. Design Pickle maintains a comprehensive Information Security Policy. This policy covers all essential areas, including:
Data Management
Data Classification
Data Retention and Destruction
Access Management and Control
Encryption, Cryptography, and Key Management
β
Q: Is client data encrypted?
Yes. All client data within the Platform is encrypted both in transit and at rest.
Data in transit: TLS 1.2 and TLS 1.3 protocols are used. Permitted cipher suites include AES-128 GCM with ECDHE_RSA and a P-256 handshake. TLS 1.1 and below are not permitted, and weak cipher suites are disabled.
Data at rest: Databases are encrypted using Amazon KMS with AES 256-bit (or higher).
β
Q: Does Design Pickle have a Privacy Policy?
Yes. We maintain a privacy policy that is reviewed and updated annually to ensure compliance with state, domestic, and foreign privacy regulations. Read our Privacy Policy here.
Q: Is there a SOC 2 report for the Platform?
The Design Pickle Platform is built on AWS using PaaS services. AWS maintains multiple accreditations and security compliances, including an annually reissued SOC 2 Type II report.
Q: How does Design Pickle validate the security of its platform and processes?
We maintain a threat management program that includes:
Ongoing vulnerability management and penetration testing
Annual network penetration testing
Annual application penetration testing (including OWASP testing of the front-end web and APIs) performed by a third party
Annual risk assessment of security controls conducted by a third party, using industry-standard frameworks like the NIST Cybersecurity Framework and Center for Internet Security Controls
Q: What type of data does the Platform collect?
The Design Pickle Platform does not store, process, or transmit:
Sensitive PII data
Behavioral data or preferences
Online activities (e.g., website tracking or browsing history)
We only collect client data that is directly relevant to delivering creative design services.
Q: How will data be used or shared?
Collected data is used only for:
Providing creative design services (graphic design, custom illustration, presentation design, motion graphics)
Improving our products and services
Increasing process efficiency and customer value
β
Q: Who has access?
Only Design Pickle employees and contractors with a legitimate business need will have access to client data. All employees and contractors sign a non-disclosure agreement or follow a strict code of ethics that includes rules for information security, communication, and data privacy.
Q: How are data and creative files stored and secured?
All data and creative files are stored within the Design Pickle Platform, which is hosted on AWS.
For more details on AWS security and compliance, refer to the AWS Security Whitepaper.
Need further help? Email us through [email protected], or click the chat button on the lower right-hand side of this window to chat with us.