Trust & security

How we protect your work.

A clear overview of how PitchWorx protects accounts, project files, payments, and confidential client work. Need information for a security or procurement review? Contact us at contact@pitchworx.com.

Account & access

Secure access to your workspace

  • Protected authentication: Passwords are securely hashed, and sign-in and password recovery flows include safeguards against automated abuse.
  • Two-factor authentication: Customers can add a second verification step with a compatible authenticator app and single-use recovery codes.
  • Optional Google sign-in: Google OAuth is available for customers who prefer federated sign-in.
  • Role-based access: Customers and PitchWorx team members receive access based on their role and the work they are authorised to handle.

Data protection

Protection built into the service

  • Encrypted connections: Traffic to PitchWorx services is protected with HTTPS and modern transport encryption.
  • Protected credentials: Sensitive application credentials and authentication secrets are encrypted or securely hashed.
  • Managed infrastructure: We use managed infrastructure, protected storage, and operational backups to support service continuity and recovery.
  • Security monitoring: Important account and project actions are recorded to support accountability, troubleshooting, and security review.

Client files

Your work stays controlled

  • Files isolated by account: Project files are scoped to the relevant account and request, with server-side authorisation checks controlling access.
  • Restricted upload formats: Uploads are limited by file type and size, and potentially unsafe active-content formats are restricted.
  • Controlled sharing: Share links use controlled tokens and are delivered through PitchWorx services to reduce unnecessary exposure.
  • Confidential by default: Briefs, files, messages, and deliverables are treated as confidential and are available only to authorised people and providers involved in delivering the service.

Payments & integrations

Trusted services, limited access

  • Payments handled by Stripe: Stripe processes card payments. PitchWorx does not store complete card numbers or security codes on its servers.
  • Verified billing events: Billing events are accepted only after Stripe's webhook signature is verified.
  • Protected integrations: Supported integrations use signed requests, validated destinations, and provider-recommended verification controls.
  • Carefully selected providers: We use established providers for hosting, storage, payments, email, authentication, and creative collaboration, with access limited to what each service needs.

Privacy & compliance

Certified and accountable

  • ISO/IEC 27001:2022 certified: Our information security management system is certified to ISO/IEC 27001:2022, supporting a structured approach to managing information security risks.
  • Data used to deliver your work: We use client information to provide the requested service, operate accounts, support customers, and meet legal obligations. We do not sell personal information.
  • NDA support: We can sign an NDA when a client or procurement process requires one.
  • Security and procurement reviews: For a reasonable security review or compliance question, contact us at contact@pitchworx.com.