Picsart security & quality at-a-glance
We're uncompromising in meeting industry-leading privacy, security and quality standards.
We build Picsart with global security standards in mind, offering enterprise-grade security across all aspects of how developers integrate, run,……
Privacy & Governance
Picsart’s policies, tools, and procedures are built to protect your data and help you meet global privacy obligations.
We comply with leading global regulations like the GDPR and CCPA and always keep up with the latest regulations and requirements.
To support robust security for our products and services as well as our cloud hosting operations, Picsart employs a variety of programs, processes, policies, and security mechanisms that help secure our internal networks and systems, physical corporate locations and data.
The security of customer data is our top priority. With independent third-party assurance, we are committed to protecting both our systems and your data.
SOC for Service Organization
General Data Protection Regulation
California Consumer Privacy Act
Picsart security at-a-glance
The Picsart Access Management Policy applies to all environments that collect, store, process, transmit, or dispose of data. It is based on role-based access control and follows the principle of least privilege, which states that permissions are only granted to allow the performance of specific job functions.
Logging and Monitoring
Our threat detection, logging and alerting systems notify our on-call teams about potential incidents.
Privacy by Design
Picsart has a long-standing practice of proactively incorporating privacy best practices in our product development efforts, which means we think about privacy at the outset when it comes to our software development lifecycle. This is also known as “privacy by design.”
Vulnerability Disclosure Program
Picsart runs a VDP at hackerone.com with the world’s top ethical hackers. They stress test systems and hunt bugs, and we fix vulnerabilities before anyone else even knows they exist.
Distributed Denial-of-Service Protection
Picsart employs a defense-in-depth strategy for Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) protection, using a well-known third-party mitigation service.
Internal Security Policy
Our internal network is protected by an enterprise-grade firewall/IDS/IPS system and we utilize network segmentation to keep the network secure. Our network is protected against DDoS attacks, as well as other well-known network attacks. We routinely scan our internal network for vulnerabilities and document remediations. Access to the production environment is restricted to only authorized IP addresses and requires key authentication on all endpoints. Our public addresses are reviewed on a quarterly basis to ensure a secure production environment.
When a new employee joins Picsart, they complete a mandatory cybersecurity training to bring them up to speed with cybersecurity principles and best practices. We’ve built a custom management learning system to help further educate employees on cybersecurity issues:
- Passwords & multi-factor best practices
- Attack vectors (e.g., phishing, social engineering, malware)
- Device security and how devices should be properly secured and hardened
- Digital footprint (e.g., PII and how it can be easily accessed online, social media best practices)
All Picsart employees complete ongoing training related to cybersecurity and emerging threats to ensure they are well trained and informed about protecting against potential security threats.
Picsart engages a third party to perform annual penetration testing for applications and all critical services. The objective of penetration testing is to find security vulnerabilities following industry standards and best practices (such as OWASP and OSSTMM). Picsart documents and evaluates any vulnerabilities found by the third-party assessor and then creates remediation plans for fixing them.
Intrusion Detection and Prevention
Our intrusion detection mechanism takes note of host-based signals on individual devices and network-based signals from monitoring points within our servers. Administrative access, use of privileged commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data give security engineers warnings of possible incidents. At the application layer, we have our proprietary WAF which operates on both whitelist and blacklist rules.
All Picsart employees undergo a strict offboarding process that ensures access to systems and client data is removed immediately when an employee leaves or is terminated.
Our framework distributes and maintains the cloud space for our customers. Each customer’s service data is logically separated from other customers’ data using a set of secure protocols in the framework. This ensures that no customer’s data becomes accessible to another customer.
Our security team performs automated and manual application and infrastructure security testing to identify and patch potential security vulnerabilities and bugs on a regular basis. Picsart identifies and mitigates risks via regular network security testing and auditing by both dedicated internal security teams and third-party security specialists.
A formal change management policy has been defined by Picsart’s engineering team to ensure that all changes have been authorized prior to implementation into the production environment. All changes are stored in a version control system and are required to go through automated quality assurance (QA) testing procedures and manual code review to verify that security requirements are met. Successful completion of QA procedures leads to implementation of the change. All QA-approved changes are automatically implemented in the production environment. Our software development lifecycle requires adherence to secure coding guidelines, as well as screening of code changes for potential security issues via our QA and manual review processes.
We use technologies from well-established and trustworthy service providers to prevent DDoS attacks on our servers. These technologies offer multiple DDoS mitigation capabilities to prevent disruptions caused by bad traffic, while allowing good traffic through. This keeps our websites, applications, and APIs highly available and performing.
We utilize data centers that have been thoroughly vetted and have strict physical security controls (e.g. RFID badges, biometrics, barbed wire fences, video surveillance, motion detection, and access logging) to ensure the data centers are secure. The data centers limit access for entry and utilize the principle of least privilege for access. Additionally, we utilize SOC 2 audited/compliant data centers by geographic location whenever our data center providers make them available.
All company devices are hardened, adhering to the highest security standards, utilize full-disk encryption, and have MDM software that allows for remote wiping if the device is lost.
Picsart adheres to NIST standards for encryption, utilizing both at-rest and in-transit protection. We use AES 256 encryption for data at rest and TLS 1.2 or higher for transmission, ensuring that data is secured by the highest industry standards.
Picsart delivers quality products through its comprehensive software testing services. We offer a wide range of test activities, including requirements analysis, test planning, test design, and different types of testing for various product developments like Web, Mobile, and Desktop. Picsart also provides Automated Testing to reduce regression testing costs and accelerate release cycles.
Our expertise in manual testing ensures the early detection of bugs without disrupting project development. Picsart excels in API Testing, guaranteeing easy integration and bug-free performance.
Regression testing is another specialty of Picsart, relieving teams of the burden during peak load situations and preventing customer complaints. Our Web Testing services enhance application stability and security through various types of software testing, including functional, UI, usability, and performance testing, as well as vulnerability assessment.
Picsart’s performance testing expertise ensures quality control, scalability, stability, and optimal performance of applications. By utilizing a process-oriented approach and structured testing processes, we identify bottlenecks and peak load limits on devices.
If you need help using this Trust Center, please contact our Security team.
If you think you may have discovered a vulnerability, please send us a note.