Store Locator Widgets - Security Statement

Encryption of data

All data sent to and from our website, and all store locator communication with our server platform, is encrypted using HTTP Secure (HTTPS / SSL) with SHA-256 certificates.

Any confidential or user-identifiable information, such as PII, payment or user account data, is encrypted while at rest on our internal and third-party-managed storage infrastructure and computing devices.

Password protection

All passwords used to authenticate to the Store Locator Admin panel on our website are hashed and salted using bcrypt. No cleartext passwords are stored at any time.

Customer password recovery is via email to the customer's registered email address only. At no time do our administrators have access to unencrypted customer passwords.

We use Two-Factor Authentication (TFA) to authenticate to our Amazon cloud services to ensure that no third party could gain access to our Amazon account via password leaks or other impersonation attempts.

Access Control and Privileged Account Usage

Access to privileged data is restricted to a limited number of named individuals performing specific IT functions that require these privileges, on a need-to-have basis only. Access privileges are audited on a quarterly basis to ensure that they are accurate and up to date.

Access control mechanisms, including (but not limited to) password length and complexity rules, account lockout periods and automatic entry timeouts, are in place and are configured in accordance with industry best practice.

All personnel with privileged access to manage production systems are provided with appropriate training prior to being granted access.

Protection of Credit Card Information

We use the third-party payment provider Stripe to manage payments made for our Subscriptions. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. For Stripe's full security statement, please see this link: https://stripe.com/docs/security/stripe

We do not store our customers' credit card information, and all credit card information sent to Stripe is encrypted by SSL during transmission.

Change Management Controls

Any change that could affect our store locator service is required to follow change management processes including the delivery of all changes to a testing environment before being applied to production.

Data resiliency / redundancy

Our data is hosted on Amazon Simple Storage Service (S3). We have multiple copies of the data hosted in separate Amazon S3 zones in different regions, so in the event of a complete Amazon zone failure we will still be able to service client requests and ensure that our customers' widgets remain functional.

We use Amazon CloudFront Content Delivery Network (CDN) to ensure that our widget script and data requests are serviced as quickly as possible and to mitigate the risk of denial of service (DoS) attacks.

All client data is backed up daily to a physical location separate from our primary server infrastructure.