Technical and Security FAQ


Preserving the confidentiality and integrity of your information is one of Pinipa’s highest priorities. Pinipa maintains a deep culture of security and utilises an iterative approach in designing and improving security procedures and controls. We continuously analyse the effectiveness of our security policies to ensure we are providing optimal protection for our customers.

Q. What is Pinipa?
A. Pinipa is an oversight tool to gain visibility of progress and decisions across workstreams.  By sharing proactively progress through a single platform, operational or project teams can build confidence, capture feedback, reduce costs and deliver results faster.

Q. What is the problem it is solving?
A. With such complex organisations, it is difficult for senior people to have visibility of what is happening. Pinipa provides this visibility. For example, one of our customers, Capita, are using Pinipa on a project with a local authority that has to succeed. They have invited all of the people involved onto Pinipa, including the most senior people across the organisation, and they receive regular updates on progress across all of the workstreamms, so they have absolute confidence in what is happening.

Q. What value does my organisation get from using Pinipa?
A. Pinipa gives you confidence. It also reduces manual reporting, saves cost on project resources for the PMO and communications, avoid the need to use complicated PPM tools (or does this automatically through an integration), reduces the number of meetings and workshops. By using Pinipa you can engage 10x stakeholders to solve complex problems in 2-3 weeks, accelerating your project delivery.

Q. How does Pinipa work?
A. Pinipa is a cloud-based tool. Each organisation has their own database. Within an organisation, you can set up initiatives with different privacy levels.

Within an initiative, you can set up workstreams for the different components of what you are delivering. Within workstreams, you can show key dates, request or post decisions, have discussions and share documents, or make announcements. You can also capture ideas to help shape your plan (optional).

You can invite anyone to join an initiative using an email address. If they do not have a matching domain name, they will be considered a guest in the organisation. This means they will have full access within an initiative they have been invited to join however will not be able to create a new initiative.

Q. How is Pinipa different to other tools in my organisation?
A. Pinipa is collaborative in nature with the structure needed to get things done. It includes things like workstreams, key dates and decisions, to help put shape to your plan. And includes email updates and announcements to help stay focused on delivery and keeping stakeholders up to date on progress.

It is designed to be very easy to use, so you do not need to be a project expert.

Pinipa is built as an API platform so integrations can be made into any other open platform such as intranets or project tools.

Q. Who can access Pinipa?
A. Only users with a valid and verified email invitation from a Pinipa user can join your Pinipa organisation. If they do not have a matching domain name, they will be considered a guest in your organisation and will only be able to access the initiative they have been specifically invited to join.

People with a matching domain name can also join the organisation when they sign up from the website, however will not have access to existing initiatives unless they have been invited to join them.

Single Sign On can be used to further limit the user types who can gain access to your data.

Q. Where is the data hosted?
A. Pinipa is hosted by Microsoft Azure in Europe. This facility is located in Ireland with a failover facility in the Netherlands.  All customer specific data is stored within Europe to comply with requirements of data protection of European organisations.

Microsoft Azure have one of the highest security standards globally and set the benchmark for enterprise grade cloud providers, particularly for financial services.  For enterprise customers, further tailored environments can be accommodated such as private Microsoft Azure or AWS clouds.

Q. Where are my files hosted?
A. Pinipa allows users to upload files to be shared as documents on the platform.  These documents are hosted on Microsoft Azure in an encrypted storage group in the Ireland facility.  Integrations with platforms such as Microsoft OneDrive for Business can help ensure files are correctly stored in the clients environment.

Q. Is my data encrypted at rest
A. Yes, Pinipa encrypts customer sensitive data on separate customer databases by using disk encryption. Keys are managed by a secure key management platform hosted by Microsoft Azure.

Q. Is the data encrypted in transit?
A. All data in transit into and out-of the production environment is encrypted at all times. Communication with Pinipa is over HTTPS (TLS1.2) regardless of user end-point (Web, Desktop App, Mobile App, API)

Q. Who has access to the data?
A. Only Pinipa employees with a legitimate business need can access customer data and all access is on an approval-only basis. All access is logged and regularly audited.

Q. What is Pinipa’s architecture?
A. Pinipa’s architecture is built as a cloud first platform that gives customers the best features, with the fastest platform and accelerated development.

Pinipa is an API driven framework that is purpose built for hosting organisation transformation programme data while having the flexibility to interconnect with other platforms as required.

Each Pinipa customer is hosted on a separate encrypted database to ensure no data leak between clients coupled with a robust enterprise grade authentication platform with extensibility to enterprise Single Sign On.

A private cloud version of Pinipa is available on AWS or Azure for enterprise customers.

Q. How does Pinipa provide redundancy?
A. Pinipa’s architecture uses Azure to serve our clients data.  Our servers and databases are built with redundancy and failover within our primary datacentre.  A secondary failover datacentre is activated in event of overall failure by Azure.  All of our services are backed up regularly throughout the day on separate instances to ensure fast recoverability.

Q. What is the SLA?
A. Pinipa offers a 99.9% uptime SLA.

Q. Who owns the data posted into Pinipa?
A. All data is owned by the customer.

Pinipa is a data processor and has no rights to any content, or responsibilities for the data posted within a Pinipa programme.

Q. Do you comply with the data protection act in my country?
A. It is the Data Controller’s responsibility to comply with the data protection legislation that affects them.  Pinipa complies with data protection as a Data Processor within Europe.

Q. What is Pinipa’s Privacy Policy? How do you treat my data?
A. Our privacy policy is publicly shared and available here:

Q. How do users authenticate to Pinipa
A. The primary method of authentication is for Pinipa to manage the users. For more advanced requirements Single Sign On can be enabled so organisations can manage authentication with their own authentication platforms. 

Q. How can I track users in Pinipa?
A. The Pinipa people page shows what users have logged into Pinipa and who has been invited to join.  A programme admin has the rights to remove any user at any time.  A further integration with SSO will enhance this process.  A data export is also available of all logged activities in Pinipa.

Q. Can I enforce multi-factor authentication?
A. Yes, by using a SAML 1.1 or 2.0 compliant Identity provider.

Q. Can I use Single Sign On?
A. Yes, Pinipa has inter-connectivity with most SSO providers such as ADFS, Active Directory on premises, Office 365, AzureAD, Google and more.

Q. Can I export all my data?
A. All data is owned by the customer.  Pinipa provides a facility to export data in a CSV or JSON format that can be readable and manipulated as the customer pleases for backup or analytics purposes

Q. How does calendar integration work?
A. Pinipa can synchronise key dates in Pinipa to a users calendar.  The key dates that are synchronised are those workstream that the user either follows or has been assigned to.  The synchronisation is real time and attaches dates directly into the users calendar.  The synchronisation can be stopped by the user at any time.   Pinipa supports exchange, O365, Google Calendar and iCloud.

Q. What is Pinipa’s data retention policy?
A. All data on Pinipa is by default set to ‘soft’ delete.  Therefore, any data that is deleted by the users will not appear on the service but will continue to be stored on the database.  If the customer wishes to export the data via our API the data will be exported.

Customers data is retained as long as the customer contracts remain valid.  If the customer chooses to   not continue the service, the data will be hard deleted 30 days after the contract terminates.

If a customer requires data to be hard deleted during the contract tenure, a specific request can be made to

Q. Does Pinipa sell our data?
A. No.

Q. Are there more detailed technical and security details
A. Yes, if you would like to view our Pinipa data security policy then you can request to view this under NDA.

Have more questions?