Security & confidentiality
You'd be putting real business secrets into Pileless — contracts, finances, customer messages. Here's specifically how we keep them from leaking.
The short version
Pileless is built so your proprietary information can't get out through us. Your sensitive files live in your own cloud, your workspace is walled off from every other customer, people and AIs see only what you grant, and every access is logged in a record that can't be quietly erased.
With your own cloud, files never sit on our servers
When you turn on Bring-Your-Own-Cloud, the actual documents in a decision live in your own storage bucket, not ours. We reach them only through short-lived, single-purpose links that expire — we never hold a permanent copy. Your file objects aren't stored on Pileless infrastructure, which keeps them out of the blast radius of a Pileless-side incident. (Without BYOC, files sit on Pileless's own encrypted storage — see the note below.)
Your workspace is walled off from everyone else's
Every request is scoped to your workspace and that scope is enforced on our server, on every read — never assumed from the client. Another customer (or their AI) can't address your data.
Least privilege, by default
People and AI assistants start with zero access and get only the exact fields you grant. Sensitive content is stripped out on our server before it's ever sent — it can't be revealed by tampering with the app on the other end. An agent can be told "a high-sensitivity legal approval is blocking you" without being allowed to read the contract.
Hardened against the usual leak paths
- SSRF guards: outbound fetches are blocked from reaching private/internal destinations, and redirects are validated.
- Signed webhooks: outbound deliveries are signed so your receiver can verify they genuinely came from Pileless.
- Scoped, expiring, revocable share links — a link that leaks isn't permanent open access; you can kill it.
- Rate limiting and input sanitization against probing and injection.
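An added example, not Pileless's own code: one way to build the SSRF guard from the first bullet, rejecting any destination that resolves to a private or internal address and re-checking every redirect hop. The `resolve` and `send` callables, the host names and the sample responses are hypothetical and constructed so the block runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5

def is_public_ip(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it is judged as the IPv4 it reaches.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def vetted_addrs(url, resolve):
    """Return the addresses for url's host, or raise ValueError if any is non-public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("blocked scheme or missing host: " + url)
    try:  # IP literal in the URL: check it directly, no DNS lookup
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        addrs = resolve(parts.hostname)
    # Reject if ANY record is internal, so a mixed answer cannot slip one through.
    if not addrs or not all(is_public_ip(a) for a in addrs):
        raise ValueError("blocked destination: " + url)
    return addrs

def guarded_fetch(url, resolve, send):
    """Fetch url with redirects followed manually so every hop is vetted.
    resolve(host) -> [ip, ...] and send(url, ip) -> (status, location, body)
    are injected, hypothetical callables; send must connect to the vetted ip."""
    for _ in range(MAX_REDIRECTS + 1):
        ip = vetted_addrs(url, resolve)[0]  # pin this address against DNS rebinding
        status, location, body = send(url, ip)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # relative Location headers resolve here
            continue
        return status, body
    raise ValueError("too many redirects")

# Constructed sample data (not real Pileless hosts or responses).
DNS = {"hooks.example": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}
PAGES = {
    "https://hooks.example/ok": (200, None, "ok"),
    "https://hooks.example/moved": (302, "/ok", ""),
    "https://hooks.example/hop": (302, "http://169.254.169.254/", ""),
}
def sample_resolve(host): return DNS.get(host, [])
def sample_send(url, ip): return PAGES[url]

if __name__ == "__main__":
    print(guarded_fetch("https://hooks.example/moved", sample_resolve, sample_send))
```

In a real client, `send` has to open the connection to the vetted address itself rather than resolving the host name a second time, otherwise the check and the connection can disagree.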
Logged, and encrypted
Every access is written to a tamper-evident, append-only audit trail. Your agent API keys are stored hashed (we can't read them back); your BYOC cloud credentials are stored encrypted at rest; all traffic is encrypted in transit.
Being straight with you
We're an early product and won't pretend otherwise:
- Your files stay in your cloud; the decision text/metadata lives in our encrypted database (Cloudflare) under the isolation above.
- No independent penetration test or SOC 2 yet — it's on the roadmap. We're glad to do a security walkthrough or sign an NDA/DPA with you directly in the meantime.
The defenses above are live in the product today.