Security and privacy are top priorities for Socialpayme. Our security policies and measures are constantly reviewed to ensure they are up to date and compliant with industry standards.
All data sent to or from Socialpayme infrastructure is encrypted in transit and secured against downgrade attacks using a robust HTTP Strict Transport Security (HSTS) policy.
Socialpayme backs up its critical assets and regularly attempts to restore backups to test the processes in place, guaranteeing a safe and fast recovery in case of disaster. Backups are encrypted and we only make use of compliant data centers.
Socialpayme has processes and tooling in place that enable us to continuously deliver secure software to our cloud infrastructure and applications.
● All code changes go through a code review process and require at least one approval from a different member of the development team.
● Socialpayme's security team works hand in hand with the development teams to provide assistance during the different stages of the software development lifecycle (SDLC).
● Socialpayme developers participate in regular security training to learn about common vulnerabilities and secure development practices.
● Socialpayme's continuous integration (CI) pipeline automatically performs static application security testing (SAST) on code changes to detect insecure code patterns.
● Socialpayme has tooling in place to automatically update vulnerable and outdated dependencies.
● Socialpayme uses error tracking solutions in the applications' front and back ends to detect potential attacks and vulnerabilities.
We use security monitoring solutions to obtain visibility into our organization's security, identify attacks and quickly respond to security incidents.
We use error monitoring, alerting and anomaly detection technologies in all our systems.
We collect logs and retain them for at least one year to provide an audit trail of our systems' activity.
Socialpayme is compliant with the General Data Protection Regulation (GDPR), ensuring that all customer and employee personal information is treated with the highest level of security and in a lawful manner.
Socialpayme ensures that all payment information is processed and stored following the strict Payment Card Industry Data Security Standards (PCI DSS).
As part of our commitment to security, we have a bug page on our website that allows us to receive reports of vulnerabilities in our applications. If you have discovered a vulnerability in any of Socialpayme's apps, we encourage you to report it through our bug page at https://socialpayme.com/bugs