PingBell
Start free trial
Docs

Security at PingBell

PingBell processes counter events. We don't process customers, payments, or health records — and that shapes everything below.

What we don't store

  • Customer PII from your webhooks. Names, emails, addresses, and IPs are dropped on arrival before anything is written to disk.
  • Payment card or bank details. Stripe handles those; we only see the last four digits and expiration.
  • Social Security numbers, PHI, or anything resembling them.
  • The raw webhook payload. We extract the count and discard the rest.

What we do store

The numeric value, the timestamp, and a source ID + event ID for deduplication. That's it.

The stack

PingBell runs on Firebase / Google Cloud. All data at rest is encrypted with Google-managed keys. Every connection — API, dashboard, webhook — requires TLS 1.2 or higher. Unencrypted traffic is refused.

Authentication

Passwordless. You sign in with a one-time link emailed to you. There are no stored passwords to leak. We don't use third-party social login. Inside an account, role-based controls limit who can view, edit, or administer each counter.

Integrations

Shopify and Stripe are read-only — we cannot write to your store or charge cards. Order PII coming through Shopify webhooks is discarded on receipt. Connections through Zapier, Make, Pabbly, or viaSocket inherit whatever scopes you granted those platforms; we only see the event they forward. You can revoke any integration from its own settings or from your PingBell dashboard.

Subprocessors

  • Google Cloud / Firebase — hosting, database, auth
  • Cloudflare — marketing site CDN
  • Stripe — payments

DPAs in place for each. Email [email protected] for the current definitive list.

Compliance

PingBell is not SOC 2 or ISO 27001 certified. HIPAA BAAs are not available — do not send PHI through PingBell. This page will be updated when any of that changes, and not before.

If something goes wrong

We will email affected customers and post on the in-app dashboard. To report a vulnerability, email [email protected]. We acknowledge within 24 hours and aim to resolve critical issues within 7 days. No formal bounty program yet; responsible disclosures get public credit (with permission) and swag.

Deleting your data

Account settings → Delete account. Immediate and irreversible. Backups purged within 60 days.

Questions: [email protected].

Back to docs