Yes, our organization is fully compliant with the California Consumer Privacy Act (CCPA). We value our clients' privacy rights and adhere to all state, national, and international regulations concerning data privacy. Our practices align with the CCPA's guidelines to ensure the highest standard of privacy protection for all our clients, including those based in California. We commit to transparency, user control over personal data, and accountability in our data practices, as dictated by the CCPA.
Yes, our organization, including MyCase, is fully compliant with the Payment Card Industry Data Security Standard (PCI-DSS). As a Level 1 service provider, we are subject to the most rigorous level of compliance requirements. This includes an annual Report on Compliance (RoC) conducted by a third-party Qualified Security Assessor (QSA) auditor. Additionally, we utilize a third-party QSA to audit MyCase against an SAQ-D (Self-Assessment Questionnaire-D), and MyCase has an Attestation of Compliance (AoC). This extensive process ensures that we are upholding the highest standards for cardholder data security and maintaining the strictest controls to protect our clients' sensitive payment information. Our Level 1 PCI-DSS compliance, along with MyCase's specific compliance measures, provides our clients and prospective clients with the utmost confidence in our commitment to secure payment processing.
- Product Security
- Multi-Factor Authentication
Absolutely, our organization prioritizes user security, and as part of this commitment, we have implemented multi-factor authentication (MFA) for all our systems. Not only is MFA applied to our internal systems, but it is also a default feature in all our customer-facing solutions. This security measure adds an extra layer of protection by requiring users to provide two or more verification factors to gain access to their accounts. Our robust MFA implementation reinforces our commitment to safeguarding user data and maintaining the integrity and security of our solutions.
- Data Security
- Data Encrypted At-Rest
Absolutely, our organization is committed to the highest level of data security, which includes encrypting all data at rest. This means that any stored data in our systems is fully encrypted, safeguarding it from unauthorized access. Furthermore, we also ensure encryption of data in transit, providing an additional layer of security and maintaining the integrity and confidentiality of your data as it moves across our systems. These practices are a vital part of our comprehensive data protection strategy.
- Data Encrypted In-Transit
Yes, our organization is committed to ensuring data security at all stages, including when data is in transit. This means that all data moving between our systems or between our systems and end-users is encrypted using industry-leading protocols. By doing so, we ensure the integrity and confidentiality of the data, protecting it from being compromised or intercepted during transmission. Additionally, we also encrypt data at rest, providing comprehensive protection for all data stored within our systems. Our stringent data protection measures emphasize our commitment to preserving the security and privacy of our clients' information.
- Data Retention Policy
Yes, our organization has a well-defined data retention policy that stipulates where and for how long data is stored or archived. We strictly adhere to these guidelines in both our internal operations and in the handling of customer data. Our data retention policy is designed to ensure that data is kept securely for the necessary period of time, in compliance with legal, regulatory, and business requirements, and then disposed of in a secure and responsible manner. This policy further illustrates our commitment to protecting our clients' data and maintaining transparency about our data handling practices.
1 more topic
- Incident Management & Response
- Data Breach Notification
Yes, our organization is fully prepared and has a defined policy in case of a data breach that outlines how users will be notified about any unauthorized disclosure of their data. We understand the critical importance of rapid response in such situations to minimize potential harm. If you have any questions regarding security, suspect a security breach, or become aware of any unauthorized use of an account or loss of your account credentials, we ask you to immediately notify us via email at [email protected]. In the event of a security system breach, we commit to notifying you of the occurrence as required by applicable law, prioritizing transparency and user trust.
- Availability & Reliability
- Data Redundancy
Yes, our organization takes data protection seriously and utilizes a strategy that includes storing multiple copies of data to guard against data loss. We partner with Amazon Web Services (AWS) to store our backups in geographically dispersed locations. This approach not only provides high availability but also protects data in the event of a regional incident. These backups are securely stored and redundant, ensuring that our client's data is safe, secure, and accessible when needed. Our comprehensive data backup strategy emphasizes our commitment to data preservation and operational resilience.
- Infrastructure Redundancy
1 more topic
- Organizational Security
- Employee Background Checks
- Employee Security Training
4 more topics
- PCI-DSS - Data Center
Yes, our organization's data centers are compliant with the Payment Card Industry Data Security Standard (PCI-DSS). We host our data within Amazon Web Services (AWS), which is recognized as a compliant entity under several recognized standards including SOC2, ISO27001, and PCI-DSS. These certifications provide assurance that AWS maintains a robust security framework, including the necessary safeguards for payment card data. Thus, our use of AWS for data hosting not only offers scalability and reliability but also aligns with our commitment to ensuring the security and privacy of our clients' data.
- SOC 2 Type II - Data Center
Yes, our organization's data centers are indeed SOC 2 compliant. We host our data within Amazon Web Services (AWS) data centers, which are fully certified as SOC 2 compliant. This ensures our commitment to security and privacy as we handle our client's sensitive data, following stringent standards set by the American Institute of Certified Public Accountants (AICPA). Our use of SOC 2 compliant data centers demonstrates our dedication to maintaining a high level of security and privacy for our clients.
1 more topic
- Threat Management
- Penetration Testing
Yes, our organization prioritizes security and as such, we conduct regular penetration testing as a proactive measure to prevent cyberattacks. These tests are performed by independent third-party firms, bringing an unbiased perspective and expert knowledge to identify and assess potential vulnerabilities in our systems. The penetration testing extends to both our internal and external resources and is a key component of our annual PCI compliance process. This approach underlines our commitment to maintaining robust security practices and protecting our systems and data from potential cyber threats.
- Vulnerability Scanning
Yes, our organization is proactive about cybersecurity, and as part of our strategy, we perform regular vulnerability scanning across our computers, servers, networks, and applications. This process helps us identify known security weaknesses, ensuring that we stay ahead of potential threats.
Upon identifying any vulnerabilities, we follow a strict remediation process, guided by our policies that are grounded in industry best practices and frameworks. This diligent approach allows us to promptly address any security weaknesses, minimizing risks, and maintaining the integrity and security of our systems and data. This underlines our commitment to maintaining a secure environment for all our stakeholders.
Sign up to see the rest of AffiniPay's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.