Every component, including data storage, transmission, access, backup, monitoring, testing, and assessment of our security protocols, is handled to satisfy industry best-practice requirements.
Our ability to protect and maintain the integrity of your subscription data is essential to our success. Our priority is protecting your data, which requires a cross-functional strategy and a variety of small and large activities. Here is a summary of our privacy and security protocols’ main points.
Only three senior executives in the company have access to databases and data storage. Developers have no direct data access. Our developers can only reach this data, in human-readable form, through an independently built authentication gateway. The gateway includes a custom querying engine that masks sensitive information, throttles requests, and audits all data query operations.
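The access gateway described above, shown as an added illustration rather than Paypeople's own code: a small query layer over an in-memory SQLite table that only accepts allow-listed tables and columns, binds filter values as parameters, masks sensitive columns before returning rows, enforces a per-caller sliding-window request quota, and writes an audit record for every attempt, including rejected and throttled ones. The table layout, the masking rule, the quota values and the sample rows are all assumptions constructed for the example.

```python
import sqlite3
import time
from collections import defaultdict, deque

# Assumed policy tables: which tables and columns developers may read, and which
# columns must always be masked before leaving the gateway.
ALLOWED_TABLES = {
    "employees": ["id", "name", "department", "national_id", "bank_account", "salary"],
}
SENSITIVE_COLUMNS = {
    "employees": {"national_id", "bank_account", "salary"},
}


class QueryRejected(Exception):
    """Raised for queries that fall outside the allow-list."""


class RateLimitExceeded(Exception):
    """Raised when a caller exceeds its request quota within the window."""


def mask(value):
    """Replace all but the last two characters with '*' (e.g. 'AB123456' -> '******56')."""
    text = str(value)
    if len(text) <= 2:
        return "*" * len(text)
    return "*" * (len(text) - 2) + text[-2:]


class QueryGateway:
    def __init__(self, conn, max_requests=5, window_seconds=60, clock=time.monotonic):
        self.conn = conn
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock                 # injectable so tests can control time
        self._hits = defaultdict(deque)    # caller -> timestamps of recent requests
        self.audit_log = []                # one record per query attempt, whatever the outcome

    def _audit(self, user, table, columns, where, outcome):
        # Filter values are not logged, only which columns were filtered on.
        self.audit_log.append({
            "ts": self.clock(), "user": user, "table": table,
            "columns": list(columns), "filter_columns": sorted(where),
            "outcome": outcome,
        })

    def _throttle(self, user):
        """Sliding-window quota: drop timestamps older than the window, then check the count."""
        now = self.clock()
        recent = self._hits[user]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_requests:
            return False
        recent.append(now)
        return True

    def query(self, user, table, columns, where=None):
        where = where or {}
        if not self._throttle(user):
            self._audit(user, table, columns, where, "rate_limited")
            raise RateLimitExceeded(user)
        allowed = ALLOWED_TABLES.get(table)
        if allowed is None or any(c not in allowed for c in list(columns) + list(where)):
            self._audit(user, table, columns, where, "rejected")
            raise QueryRejected(f"{table}:{list(columns)}")
        # Identifiers come only from the allow-list above; filter values are bound as parameters.
        sql = f"SELECT {', '.join(columns)} FROM {table}"
        params = []
        if where:
            sql += " WHERE " + " AND ".join(f"{col} = ?" for col in where)
            params = list(where.values())
        rows = self.conn.execute(sql, params).fetchall()
        sensitive = SENSITIVE_COLUMNS.get(table, set())
        result = [
            {col: (mask(val) if col in sensitive else val) for col, val in zip(columns, row)}
            for row in rows
        ]
        self._audit(user, table, columns, where, f"ok:{len(result)}")
        return result


def build_sample_db():
    """Constructed sample data (not real records) in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, department TEXT, "
                 "national_id TEXT, bank_account TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "Ada", "Engineering", "AB123456", "GB00TEST12345678", 5200),
        (2, "Grace", "Finance", "CD987654", "GB00TEST87654321", 6100),
    ])
    return conn


if __name__ == "__main__":
    gw = QueryGateway(build_sample_db(), max_requests=3)
    print(gw.query("dev1", "employees", ["name", "national_id", "salary"], {"department": "Finance"}))
    print(gw.audit_log)
```

Two design points worth noting: the quota is charged before the allow-list check, so a caller probing for forbidden columns burns quota just like a legitimate caller, and the audit record is written on every path so that a rejected or throttled attempt is as visible to reviewers as a successful query.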
To provide support, our preferred method is to assist you via TeamViewer or any screen-sharing software that gives us web-based access to your system.
Paypeople uses cloud infrastructure from Microsoft Azure and Amazon AWS, each with its own private network. In our development and test environments, we do not use any other local or on-site storage infrastructure to hold client data.
To help our users and clients meet their own compliance obligations, Paypeople maintains compliance with the European data protection regulations and maintains audit features, organizational standards, and legal documentation.
Sessions are conducted using TeamViewer or other encrypted screen-sharing software, such as 2.04 with 8-bit or better keys, over TLS 1.0 or higher. Users with modern browsers will use TLS 1.2 or 1.3.
Paypeople uses several tools to monitor potential attacks, including a web application firewall and network-level firewalling. Furthermore, the Paypeople platform includes Distributed Denial of Service (DDoS) prevention defenses to help protect your site and product access.
Paypeople employs static code analysis tools as well as human review processes to ensure consistency in our software development practices. Our Secure Coding practices adhere to OWASP recommendations.
Paypeople products are hosted by cloud infrastructure providers who, among other things, have SOC 2 Type II and ISO 27001 certifications. Among the certified safeguards are dedicated security personnel, strictly managed physical access control, and video surveillance.
The patch management process used by Paypeople identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures that tracked software packages are using the latest versions.
Security incident process flows and investigation data sources for Paypeople are pre-defined through routine practice sessions and exercises, and they are refined during investigation follow-ups. To make sure that the appropriate actions are taken at the appropriate times, we employ standard incident response process frameworks.
Paypeople regularly tests for vulnerabilities, using infrastructure vulnerability scans and static code analysis.
Several times a year, Paypeople uses outside penetration testing companies to test its infrastructure and products.
Paypeople regularly carries out extensive security practices and certifications.
Paypeople’s uptime consistently exceeds 99.9%. All customer data is fully backed up to multiple online replicas and additional snapshots.
Our product and operations teams use proprietary and industry-recognized solutions to monitor application, software, and infrastructure behavior.
Paypeople keeps multiple failover instances running to avoid outages caused by single points of failure.
Paypeople has strong controls in place to recover data and application code as quickly as possible. For data within the same geography, the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are 30 seconds and 5 seconds, respectively. We keep 45 days of point-in-time restoration, so we can restore to any desired date and time within the last 45 days. For data stored in different geographies, in the unlikely event of a natural disaster, RPO and RTO are 12 hours and 1 hour, respectively.