RESPONSIBLE DISCLOSURE
We aim to keep SimplePOS safe for everyone, and thus data security is of utmost priority. If you discover a security issue with SimplePOS, we appreciate your help in disclosing it to us in a responsible manner. We’ll work with you to understand and patch the issue in a timely fashion.
Responsible disclosure is the industry best practice. On any data breach and security issue call our support on Telephone Number or contact us via support@pos.app.
SECURITY OF INFRASTRUCTURE & DATA
We combine physical security measures such as access control with system security measures to ensure the security of our hardware, networks, and data.
Physical Security
We host our infrastructure with Digital Ocean Cloud Provider, an ISO 27001 certified company with data centers secured with biometrics, 24-hour surveillance and 24×7 onsite staff providing additional protection against unauthorized entry.
Data center access is restricted to data center technicians only.
System Security
Our systems are kept up-to-date with security patches and consistent using configuration management software.
We use multiple firewalls and VPN services to help block unauthorized system access.
We restrict shell access to our servers to a small set of SimplePOS employees for maintenance. Having said that all access and interaction will be recorded.
To access sensitive data, we use the username and key authentication, keeping password authentication disabled.
All sensitive and financial information will be encrypted using TLS encryption mechanism, so none of SimplePOS or anyone other than a customer can see their data. Having said that some of the information will be available to the SimplePOS support team to allow support to give high-level support to our customer.
All network and server are protected using the modern firewall and anti-virus systems that help SimplePOS to provide a secure place to provide the best and most secure service to the customer.
DATA STORAGE & BACKUPS
We consistently replicate your data to fault-tolerant clusters of database servers. We perform full backups nightly. In the unlikely event of a major data incident, our backup strategy allows us to recover.
CREDIT CARD SAFETY
When you sign up with SimplePOS, we do not store any of your card information on our servers. It is directly handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers