Security at Pier
Last updated: July 3, 2026
Pier is secure file transfer for anyone who can't afford to get it wrong. Whether you're a medical practice sending patient records, a law firm sharing case files, a production studio moving cuts and masters, a finance team handling statements, or just someone who refuses to send sensitive files over email — Pier is built so security is the default, not an upgrade.
Encryption everywhere
Every file is encrypted in transit using modern TLS and encrypted at rest with AES-256. Encryption keys are managed under dedicated, access-controlled key policies with automatic annual rotation — not shared defaults.
Access is never assumed
Pier follows a zero-trust model: every request is verified, every time.
- Multi-factor authentication is mandatory for all administrator and owner accounts — enforced on the server for every request, not just at login.
- Role-based access control with Owner, Admin, and Member tiers limits every user to exactly what their role permits.
- Session controls include configurable timeouts, active session visibility, and instant revocation.
Control over every transfer
- Password-protected transfers and email domain restrictions let you control who can receive files.
- Expiring, rotating links — receive links can be invalidated at any time, and revoked transfers are cleaned up completely.
- Document watermarking for PDFs deters leaks of sensitive documents.
Everything is logged
Every access event is recorded — who, what, when, and from where — and audit logs are exportable for your own compliance records. Denied access attempts are captured with the identity behind them, not silently dropped.
Actively defended
Pier's infrastructure is protected by a web application firewall, continuous threat detection, and automated vulnerability scanning of every production component. Point-in-time recovery protects your data against loss.
Built to government standards
Pier Labs is undergoing CMMC Level 2 self-assessment, mapping our controls against all 110 requirements of NIST SP 800-171 — the standard the U.S. Department of Defense requires of its contractors. We build to that bar for every customer, not just government ones. If demanding customers in healthcare, law, media, finance, and government can rely on Pier, so can you.
Responsible disclosure
Found a vulnerability? We want to hear about it: security@pierlabs.pro.