Personnel and Facilities
All members of our team have completed background checks and have gone through security training. Access to offices and systems is granted through a defined process, as is its removal (when needed).
For the platform, security discussions start with feature development. In addition to the functionality of the feature, we immediately take its privacy and security requirements into consideration. Once the implementation of the feature starts, our SDLC (Software Development Lifecycle Process) has security validation steps, from code reviews through automated code verification for potential security issues.
Our applications are split into several components. Each of them has a strong, well-defined role in the overall system, controlling access to its features and data as needed and providing the minimum possible visibility of the data and interaction between components.
The data itself is transmitted, handled and stored securely. The most sensitive data (credit cards, passwords) is stored with irreversible, one-way encryption, so it’s never possible for the data to be visible in its original form. Access to the data is controlled and audited. Data is regularly backed up.
All of our systems are hosted in AWS (Amazon Web Services), and we use several AWS security products to configure high levels of security and monitor access to the systems. On top of that, we use third-party products such as antivirus and file and network intrusion detection to monitor potential attacks.
Once the applications are live, we monitor various metrics to verify systems and applications are operating correctly. Based on those metrics, we have specific alarms that will alert the engineering team of potential issues, whether they are operational or security related, and on-call rotations to respond to those alarms.
Don’t take our word for it! Every year, we engage third-party vendors to certify our platform for Level 1 PCI and SOC Type II compliance, as well as to perform security penetration testing (Pentest). Any improvements and recommendations are prioritized for design and implementation to make sure our systems are up to the highest security standards in the industry.