
Information Security at PinMeTo

The safety of our customers' data is central to everything we do at PinMeTo. As a leader in the Local Marketing and search technology market, with offices in 5 countries, ensuring seamless and secure information flow is crucial for us.

We Are ISO 27001:2022 Certified

ISO/IEC 27001:2022 is one of the most widely recognised and internationally accepted information security frameworks. Developed by the International Standard Organisation (ISO), it helps organizations become risk-aware and identify and address their security gaps.

In the Location Marketing field, PinMeTo is the first company to achieve the title, which covers not only the PinMeTo products but also our global offices, processes, and all operations. Our ISO Certification for data security serves as a guideline for PinMeTo's information security management systems (ISMS) supporting our Development, Sales, Support, and platform delivery.

See the certificate

PinMeTo ISO 27001:2022 certificate

What ISO 27001:2022 Certification Means for You

Whether it's electronic data, physical documentation, or data entrusted to third-party suppliers, our compliance with ISO 27001 principles ensures holistic protection of our customers' data.

  • Confidentiality involves all our efforts to make sure that the data is kept secret. To accomplish this, all access to information is controlled in order to prevent the unauthorised sharing of data, whether intentional or accidental. Our customers can rest assured that their data will be confidential and will be secured in line with the globally recognised best practices.
  • Integrity is making sure our customers' data is trustworthy, complete, and has not been accidentally altered or modified by an unauthorised user or body. It also ensures that when an unauthorised person makes a change that should not have been made, the damage can be reversed.
  • Availability: Our product and all relevant data are constantly in a state of availability. Our customers can rest assured that we have the best processes and controls to make all the data available for them whenever they need to use it.

Additional Security Measures

Protection of our customers' personally identifiable information (PII) remains a top priority.

Personal Data and GDPR Compliance

We've institutionalized processes aligning with the General Data Protection Regulation (GDPR). All employees, external partners, and service providers have received training on our GDPR-compliant practices.

Secure User Access with SSO

To streamline and secure user access, we've integrated SAML and SSO. Our users enjoy a smooth login experience, while our systems ensure that security parameters are never compromised.

Asset Management

All assets - data, software, and hardware - are classified based on their criticality, with designated owners responsible for their protection. This systematic approach aligns with our Data Management and Classification Policy and ISO 27001 security protocols.

Continuous Security Enhancement

Beyond ISO Certification for Data Security, we've made security a part of our daily operations, ensuring that every part of our company is always focused on assessing risks and strengthening our defence.

Our Security Practices

Internal Audits

A structured program mandates at least two internal audits annually, maintaining our ISMS's effectiveness.

Monthly Risk Review

All ISMS-related risks are examined and monitored regularly. Identifying and evaluating potential risks, rating the likelihood of an attack, and estimating the effect of a security breach are all part of our comprehensive risk-based strategy.

Infrastructure Security

We undertake regular penetration tests of our Cloud Infrastructure. Additionally, continuous monitoring ensures adherence to best security practices and timely threat detection.

Security Policies

We have developed and implemented comprehensive information security policies and procedures that cover all aspects and requirements of the ISO 27001:2022 International Standard. These policies are regularly monitored and kept up to date.

Incident Management

We have an incident response plan to handle security incidents effectively. Our procedures include steps for reporting, assessing severity, and mitigating security breaches in accordance with GDPR Article 33.

Business Continuity

We have extensive business continuity procedures in place to ensure that important processes and information are not disrupted or destroyed in the event of a disaster. All BCP scenarios are subject to ongoing monitoring and exercises.

Security Culture

PinMeTo employees are committed to our information security culture, adhering to all security best practices and contributing to our collective approach. Annual employee training sessions are conducted with specialised modules for roles with security responsibilities.

Top Management Review

Semi-annual meetings focusing on information security ensure continuous alignment with evolving threats. Our Information Security Officer holds regular discussions with the CTO, CFO, and CEO, evaluating potential threats and refining mitigation strategies.

Compliance

We make certain that our Information Security Management System complies with all applicable legal and regulatory standards. To demonstrate compliance, we keep our documentation up to date.

Have Security Questions?

For any security-related inquiries, feel free to reach out to us.

Contact PinMeTo