Security Overview
How Piler Enterprise protects your email data
Piler Enterprise is designed with security at its core. Whether deployed on-premise or in your private cloud, your email data remains under your complete control. This document provides an overview of our security practices and architecture.
Deployment Options
Piler supports multiple deployment models to meet your security and compliance requirements:
On-Premise
Installed entirely within your infrastructure. No data leaves your environment.
Private Cloud
Deploy in your AWS, Azure, or GCP account with full control.
For regulated industries, we recommend on-premise or private cloud deployment where you maintain full control.
Data Encryption
Encryption at Rest
- All archived emails encrypted using AES-256
- Compatible with filesystem-level encryption (LUKS, BitLocker)
- S3 storage: Supports SSE-S3 and SSE-KMS encryption
Encryption in Transit
- TLS 1.2/1.3 for all web traffic (HTTPS)
- STARTTLS support for SMTP ingestion
- Encrypted database connections supported
- IMAP/POP3 over TLS for email import
Authentication & Access Control
Single Sign-On (SSO)
Multi-Factor Authentication
- Built-in TOTP support (Google Authenticator, Authy, etc.)
- Enforceable per user role or globally
- MFA via SSO provider supported
Role-Based Access Control
| Role | Capabilities |
|---|---|
| User | View own emails only |
| Auditor | Search all emails, export, eDiscovery |
| Admin | Full system administration |
| Data Officer | Approve email deletion from the archive |
Permission profiles
Restrict certain user capabilities by creating permission profiles.
Audit & Logging
Comprehensive audit logging tracks all user and system activities:
- Login attempts (success and failure) with IP addresses
- Search queries with timestamp and user
- Email access and export events
- Administrative actions (user changes, policy updates)
- Retention policy executions
SIEM Integration
Real-time event forwarding to enterprise SIEM platforms:
eDiscovery & Legal Hold
Production-ready document export for legal proceedings and regulatory requests:
- Bates numbering - Automatic sequential numbering with customizable prefixes
- Load file formats - CSV and Concordance DAT for review platforms
- Hash verification - MD5 and SHA-256 for integrity
- Legal hold - Prevent deletion of held items during litigation
- Download audit - All downloads logged with IP and user agent
Compatible with Relativity, NUIX, Logikcull, and other major review platforms.
Regulatory Compliance
Piler Enterprise provides features to help you support compliance with key regulations and industry standards.
GDPR
- configurable retention, support for access and erasure requests, audit logging
HIPAA
- encrypted email storage, role-based access controls, audit logging, on-premise deployment
SEC 17a-4
- WORM-compatible storage options, tamper-evident hashing, optional TSA verification, eDiscovery export, configurable retention
Industry Security Principles
- secure coding practices, OWASP guidelines, regular security reviews, optional external SIEM monitoring
Compliance depends on proper configuration, operational practices, and deployment choices. For detailed information, see the full compliance documentation.
Vulnerability Management
- Automated dependency scanning for known vulnerabilities
- Regular security updates and patches
- Static code analysis in CI/CD pipeline
- Container image scanning for Docker deployments
- Responsible disclosure policy for security researchers
Data Privacy
For on-premise deployments, no customer email data is ever transmitted to our servers.
- All data processing occurs within your infrastructure
- AI features run locally (no cloud AI services)
- Billing reports contain only aggregate metrics (no PII)
Have Security Questions?
We're happy to answer detailed security questionnaires or schedule a call to discuss your specific requirements.