Information Security at PinMeTo

The safety of our customers' data is central to everything we do at PinMeTo. As a leader in the Local Marketing and search technology market, ensuring seamless and secure information flow is crucial for us.

Is PinMeTo ISO 27001 Certified?

In October 2023, PinMeTo became the first multi-location brand management platform to achieve ISO 27001:2022 certification, audited and verified by DNV (certificate number C583993). The certification covers our entire SaaS platform, global offices, development processes, sales, support, and all operations. PinMeTo implements over 90 security controls including AES-256 encryption at rest, TLS 1.2+ in transit, multi-factor authentication, and 24/7 incident response.

When you manage 100+ locations across search, maps, and social media networks, security is not optional. It is essential. Your business information, customer interactions, and brand reputation depend on a platform you can trust.

See the certificate (PDF)

Our Security Commitment to Your Business Growth

We have put in place a comprehensive Information Security Management System (ISMS), a blueprint backed by our executive leadership that defines our data protection strategy across all touchpoints. Our security covers every PinMeTo product, from Listings and Reviews to Places AI.

Aligned with Your Business Priorities

For Enterprise Customers: ISO 27001 certification addresses your compliance requirements and risk management frameworks, streamlining vendor assessments and contract approvals. See how enterprise brands work with us in our case studies.

For Growing Brands: Our security infrastructure scales with your business. Whether you are expanding into new markets (Middle East, India) or adding locations, our security controls grow with you.

For Multi-National Operations: We understand complex regulatory environments. Our ISMS complies with GDPR, regional data protection laws, and industry-specific requirements across 130+ countries.

What ISO 27001:2022 Certification Means for You

ISO 27001 is the international gold standard for information security management. Our certification demonstrates:

Systematic Risk Management

We identify, assess, and mitigate security risks that could impact your business operations across 100+ networks including Google, Facebook, Apple, Bing, and more.

Continuous Security Improvement

Through regular audits, monitoring, and testing, we continuously enhance our security posture to stay ahead of evolving threats.

Proven Security Controls

We implement more than 90 security controls covering access management, encryption, incident response, business continuity, and more.

Independent Verification

Our certification is validated by external auditors with annual surveillance audits, ensuring ongoing compliance and effectiveness.

Customer Data Protection

Your business information, from location details to customer reviews, is protected with enterprise-grade security throughout its lifecycle.

How Does PinMeTo Protect Customer Data?

PinMeTo's Information Security Management System (ISMS) is built on seven core pillars that protect your data while enabling business agility.

1. Risk-Based Security Strategy

  • We continuously assess threats to your data across our platform and 100+ network integrations.
  • Potential security risks are identified and prioritized before they impact your operations, with targeted mitigation strategies.
  • We strive to understand which systems are critical to your success, with recovery objectives tailored to minimize business disruption.
  • All service providers undergo security assessments, with Data Processing Agreements ensuring they meet our security standards.

What this means for you: Your data is protected by systematic risk management that anticipates and prevents security issues.

2. Infrastructure Security and Cloud Protection

  • Primary hosting in AWS Ireland with redundancy for business continuity.
  • Encryption Standards:
    • Data at rest: AES-256 encryption
    • Data in transit: TLS 1.2+ encryption
    • Database encryption for all customer data
  • 24/7 security monitoring, intrusion detection, and automated threat response.
  • Annual third-party security assessments identifying and addressing vulnerabilities before they can be exploited.

What this means for you: Enterprise-grade infrastructure protection ensuring your business information remains secure and accessible.

3. Secure Product Development

Security is integrated into every stage of our product development process, aligned with our Product Development practices:

  • Security by Design: Security requirements defined during the Discovery phase, before any code is written.
  • Mandatory Risk Assessments: Every new feature undergoes security risk assessment before deployment to production.
  • Secure Coding Practices: Development teams trained in secure coding, with security testing integrated throughout delivery.
  • Change Management: Structured process with risk-based controls ensuring all changes are safely deployed:
    • Low risk changes: Streamlined deployment
    • Medium risk changes: Peer review and approval
    • High risk changes: Comprehensive mitigation planning and testing

What this means for you: New features and updates are delivered quickly while maintaining security and reliability.

4. Access Control and Authentication

  • Multi-Factor Authentication (MFA): Required for all platform access, preventing unauthorized access even if passwords are compromised.
  • Role-Based Access Control (RBAC): Users access only the data and features they need, following least privilege principles.
  • Access Reviews: Regular reviews ensuring access rights remain appropriate as roles change.

What this means for you: Your team members access exactly what they need, with strong authentication preventing unauthorized access.

5. Incident Response and Business Continuity

  • 24/7 Incident Response: Documented procedures for detecting, responding to, and recovering from security incidents.
  • Data Breach Management: GDPR-compliant breach notification procedures with severity assessment framework.
  • Communication Protocols: Clear stakeholder notification procedures during incidents, keeping you informed.

What this means for you: If disruptions occur, we have tested procedures to restore service quickly and keep you informed throughout.

6. Security Policies and GDPR Compliance

PinMeTo is fully GDPR compliant with institutionalized processes aligned to the General Data Protection Regulation. Our Comprehensive Policy Framework covers information security policies including:

  • Data protection and privacy (GDPR compliance)
  • Access control and authentication
  • Secure development practices
  • Incident management
  • Vendor management
  • Physical and environmental security
  • Acceptable use and employee conduct

Regular Policy Reviews: Reviews ensuring policies remain current with regulatory changes and business evolution.

Documentation Standards: All security activities documented, maintaining audit trails and compliance evidence.

What this means for you: Our policies ensure consistent security practices and help you meet your own compliance obligations.

7. Security Awareness and Culture

Regular Security Training: All employees complete security awareness training covering:

  • Phishing and social engineering
  • Data protection best practices
  • Incident reporting procedures
  • Secure remote work
  • GDPR and privacy requirements

Phishing Simulations: Regular testing ensuring employees can identify and report security threats.

Non-Conformity Reporting: Encouragement for proactive reporting of security issues beyond audit findings, supporting continuous improvement.

What this means for you: Our entire team is trained to protect your data, creating a strong security culture throughout the organization.

Continuous Compliance and Improvement

External Surveillance Audits

  • Frequency: Annual surveillance audits by independent certification body
  • Process: External auditors verify continued compliance with ISO 27001:2022
  • Certification Renewal: Full re-certification audit every three years

How Our Security Supports Your Business Goals

For Sales and Marketing Teams

ISO 27001 certification streamlines security questionnaires and vendor assessments, accelerating enterprise deals. Security certification differentiates PinMeTo from competitors who lack formal security frameworks.

For Operations Teams

Business continuity planning ensures consistent platform availability. Our security infrastructure scales with your business, from 100 to 1,000+ locations without compromise.

For IT and Security Teams

ISO 27001 certification satisfies security requirements in your vendor assessment processes. Comprehensive security controls protect business data throughout its lifecycle.

For Executive Leadership

A systematic approach to security reduces business risk from data breaches or service disruptions. The ISO 27001 framework supports compliance with GDPR, industry regulations, and regional data protection laws.

Industry-Specific Security Considerations

Transparency and Customer Rights

Security Documentation

Available to customers:

  • ISO 27001:2022 certificate

Available to customers under NDA:

  • Security policy summaries
  • Incident response procedures
  • Business continuity plans
  • Audit reports (summary)
  • Summary of penetration tests

"PinMeTo prioritizes the personal data and information security of our customers and we strive to be the most trusted partner in the industry by taking these concerns seriously and implementing strong measures to protect our customers' data."

Henrik Schmidt

CEO, PinMeTo

Why Security Matters to PinMeTo

Security is not just about compliance. It is about being a trusted partner as you grow your multi-location business. Whether you are managing 100 locations today or planning to scale to 1,000+ locations across new markets, our ISO 27001:2022 certification demonstrates our commitment to protecting your business every step of the way. Learn more about PinMeTo or book a demo to see our platform in action.

Learn More

Privacy Policy – How we protect your personal data and cookie usage

GDPR – Our data protection practices and your rights

ISO 27001:2022 Certified | GDPR Compliant | Trusted by Multi-Location Brands Worldwide

Frequently Asked Questions

Is PinMeTo ISO 27001 certified?

Yes. In October 2023, PinMeTo became the first multi-location brand management platform to achieve ISO 27001:2022 certification, audited and verified by DNV (certificate number C583993). The certification covers PinMeTo's SaaS platform, global offices, development processes, sales, support, and all operations. PinMeTo implements over 90 security controls including AES-256 encryption at rest, TLS 1.2+ in transit, and multi-factor authentication.

How does PinMeTo protect customer data?

PinMeTo protects customer data through a comprehensive Information Security Management System (ISMS) built on seven pillars: risk-based security strategy, infrastructure security with AWS hosting and AES-256 encryption, secure product development with security-by-design practices, role-based access control with MFA, 24/7 incident response, GDPR-compliant security policies, and ongoing security awareness training for all employees.

Is PinMeTo GDPR compliant?

Yes. PinMeTo is fully GDPR compliant with institutionalized processes aligned to the General Data Protection Regulation. All employees, external partners, and service providers receive training on GDPR-compliant practices. PinMeTo's primary hosting is in AWS Ireland (EU), and all Data Processing Agreements ensure service providers meet our security standards.

What security controls does PinMeTo implement?

PinMeTo implements more than 90 security controls covering: AES-256 encryption for data at rest, TLS 1.2+ encryption for data in transit, multi-factor authentication (MFA) for all platform access, role-based access control (RBAC), 24/7 security monitoring with intrusion detection, annual third-party penetration testing, GDPR-compliant data breach management, and comprehensive business continuity procedures.

Does PinMeTo's ISO 27001 certification help with DORA compliance?

Yes. PinMeTo's ISO 27001:2022 certification provides financial institutions with 70-80% of DORA's ICT risk management requirements pre-implemented through independently audited security controls. This can reduce vendor assessment timelines from months to weeks while ensuring EU data sovereignty and operational resilience compliance.

Have Security Questions?

For any security-related inquiries, feel free to reach out to us.

Contact PinMeTo