All data sent to and from our website and store locator communication to our server platform is encrypted using HTTP Secure (HTTPS / SSL) SHA-256 certificates.
All passwords used to authenticate to the Store Locator Admin panel on our website are hashed and salted using bcrypt. No cleartext passwords are stored at any time.
Customer password recovery is via email to the customer's registered email address only. At no time to our administrators have access to unencrypted customer passwords.
We use Two Factor Authentication (TFA) to authenticate to our Amazon cloud services to ensure that no third party could gain access to our Amazon account via password leaks or other impersonation attempts.
We use the third party payment provider Stripe to manage payments made for our Subscriptions. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. For Stripe's full security statement, please see this link: https://stripe.com/docs/security/stripe
We do not store our customer's credit card information and all credit card information sent to Stripe is encrypted by SSL during transmission.
Our data is hosted on Amazon Simple Storage Service (S3). We have multiple copies of the data hosted in separate Amazon S3 zones in different regions so in the event of a complete Amazon zone failure we will still be able to service client requests and ensure that our customer's widgets remain functional.
We use Amazon Cloudfront Content Delivery Network (CDN) to ensure that our widget script and data requests are serviced as quickly as possible and to mitigate the risk of denial of service (DOS) attacks.
All client data is backed up daily to a separate physical location to our primary server infrastructure.