Search Pilla

Search pages and workflows, or ask Poppi (AI).

Security at Pilla

Last updated: 28th June 2026 · Version 1.0

How Pilla protects your data: UK hosting, encryption, tenant isolation, backups, access control, and data protection.

Our approach to security

Pilla helps organisations manage and coordinate their frontline teams, which means we are trusted with information about your people and your operations. We take that seriously. This page explains, in plain terms, how we protect your data, where it lives, and how we keep the platform reliable.

If you are evaluating Pilla on behalf of your organisation and need more detail than this page provides, please get in touch using the security contact at the bottom.

Where your data is hosted

Pilla runs on managed cloud infrastructure provided by Supabase, hosted on Amazon Web Services (AWS). Your core data, including your database, files, and authentication records, is stored in the AWS London region. This means your data is held in the United Kingdom.

A small number of supporting services we rely on operate in other regions. Where that is the case, those transfers are covered by appropriate safeguards as described in the data protection section below.

Encryption

All data is encrypted in transit and at rest:

  • In transit: every connection to Pilla, on the web app and the mobile app, is protected with TLS (HTTPS). Data moving between you and Pilla, and between Pilla and its infrastructure, is encrypted.
  • At rest: the database and stored files are encrypted at rest using industry-standard AES-256 encryption.

Tenant isolation

Pilla is a multi-tenant platform, which means many organisations are served from shared infrastructure. Your data is kept logically separate from every other customer's data.

Every record in Pilla is tied to a single customer account. Isolation is enforced at the database layer, on every query, using row-level security policies, rather than relying on application code to remember to filter correctly. The result is that one customer's users can never read or write another customer's data.

Availability and reliability

Pilla is hosted on managed cloud infrastructure and is continuously monitored. Errors and anomalies are logged and alerted on so that issues can be identified and addressed quickly.

Backups and recovery

Pilla's production database is backed up automatically every day, with backups held in the same UK region as the live data. This allows us to recover the platform in the event of a serious failure or data-loss incident.

Authentication and access control

  • Passwordless sign-in: Pilla does not ask your team to create or manage passwords. People sign in using a secure, single-use magic link sent to their email address, which removes an entire category of password-related risk.
  • Role-based access: within each customer account, access is governed by roles. Administrators, managers, and staff each see and do only what their role permits, following the principle of least privilege.

Data protection

Your Pilla Ltd (trading as Pilla) is a UK limited company and is registered with the Information Commissioner's Office (ICO registration number ZB114085).

For the personal data of your team members, the relationship is as follows:

  • The organisation that subscribes to Pilla is the data controller.
  • Pilla is the data processor, processing that data on your behalf and under your instructions.

We make a Data Processing Agreement (DPA) available to customers, which sets out our obligations as a processor in line with the UK GDPR. Individuals can exercise their data protection rights, including access and erasure; see our Right to Erasure page and our Privacy Policy for detail.

Sub-processors

Pilla relies on a small number of carefully selected third-party providers to deliver the service, for example for hosting, email delivery, payments, and analytics. We hold each to appropriate data protection standards. A current list of our sub-processors is available on request and forms part of our Data Processing Agreement.

Reporting a security issue

We welcome reports from security researchers and customers. If you believe you have found a security vulnerability in Pilla, please email us at security@yourpilla.com with the details. We will acknowledge your report and work with you to resolve the issue. Please give us a reasonable opportunity to address any issue before disclosing it publicly.

Contact

For any question about Pilla's security or data protection practices, contact us at security@yourpilla.com.