Privacy / Encryption

Do you provide independent 3rd-party penetration testing? May we perform our own independent 3rd-party penetration tests?
Yes, as a part of PCI audit, we did the penetration testing.

Yes, you can perform penetration testing by requesting specific permission from us.

How do you set up environments to comply with various international data privacy regulations?
Card data environment is completely secured and has been validated by PCI DSS audit.

How do you support independent data archiving over multi-year retention periods?
Currently data will be stored in RDS. Once we reach archival stage, data will be archived and stored in S3 bucket.

Do you support the encryption of data-at-rest? What are the costs involved?
All the data is encrypted at rest.

No extra cost involved. We are completely abiding by PCI encryption mandate.