ISO

Trust and Security Center

Start your security review
ControlK

Overview

Welcome to Pinecone's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO/IEC 27001 Logo
ISO/IEC 27001
SOC 2 Logo
SOC 2

Subprocessors

Documents

REPORTSPentest Report
REPORTSSOC 2 Report
COMPLIANCEHIPAA
COMPLIANCEISO/IEC 27001
COMPLIANCESOC 2
SELF-ASSESSMENTSCAIQ
PRODUCT SECURITYProduct Architecture
LEGALCyber Insurance
POLICIESAcceptable Use Policy
POLICIESAccess Control Policy
POLICIESAsset Management Policy
POLICIESBackup Policy

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective4 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

HIPAA Report
Pentest Report
SOC 2 Report

Self-Assessments

CAIQ

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Code Analysis
Credential Management
Software Development Lifecycle
View more

Legal

SubprocessorsConfluent-company-logoPylon-company-logoAmazon Web Services (AWS)-company-logoMicrosoft Azure-company-logoSalesforce-company-logo
Cyber Insurance
Data Processing Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Bot Detection
Security Information and Event Management

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
View more

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Trust and Security Center Updates

ISO

Copy link
Compliance

We are thrilled to announce that Pinecone has successfully completed our annual ISO 27001:2022 surveillance audit, ensuring our certification remains fully active! This ongoing milestone underscores our unwavering commitment to providing the highest standards of information security for our valued customers year after year. Passing this audit validates that Pinecone continues to uphold and actively manage rigorous, industry-leading security controls to safeguard your data. For complete transparency, you can verify our active certification status using the certificate number via the IAF CertSearch database.

Axios Supply Chain Attack

Copy link
General

Pinecone is aware of the recent supply chain attack targeting the axios NPM package. Following a comprehensive audit of our infrastructure and dependencies, we have confirmed that Pinecone is not affected. We have successfully deployed monitoring capabilities and detection logic specifically designed to identify these compromised versions. We are actively scanning our environments to prevent any potential impact on our services or customers.

SOC2 Update

Copy link
Compliance

We are proud to announce the successful completion of our 2025 SOC 2 Type II audit, which confirmed that our security, availability, and confidentiality controls operated with zero deviations. This milestone reinforces our commitment to providing a secure and reliable vector database for your production applications. The full report is now available for review in our safety center.

Shai-Hulud

Copy link
Vulnerabilities

Pinecone is aware of the ongoing Shai-Hulud and Shai-Hulud 2.0 worm campaigns targeting the NPM ecosystem. Following a comprehensive audit of our infrastructure and dependencies, we have confirmed that Pinecone is not affected.

We have successfully deployed monitoring capabilities and detection logic specifically designed to identify this worm. We are actively scanning for compromised packages to prevent any impact on our services or customers.

Pinecone response to Salesloft/Drift Breach

Copy link
Incidents

Pinecone completed an internal investigation and confirmed that we have never installed or used any Salesloft integration.

We will continue to monitor our vendor supply chain to assess any potential indirect impact.

Pinecone is reviewed and trusted by

DISCO-company-logoDISCO
Terminal X-company-logoTerminal X
Aquant-company-logoAquant
Chipper Cash-company-logoChipper Cash
Inkeep-company-logoInkeep
New Relic-company-logoNew Relic
Vanguard-company-logoVanguard
Obviant-company-logoObviant
Shortwave-company-logoShortwave
Expel-company-logoExpel
Gong-company-logoGong
ClickUp-company-logoClickUp
If you need help using this Trust and Security Center, please contact us.
Contact support