Security & Responsible Disclosure

From You to Your Customers.

We take your security and data processing needs very seriously.

Data travels safely to and from your site, which is protected by a CloudFlare Web Application Firewall and hosted on servers that are professionally managed, updated, and monitored live 24/7 by our devops team. Regular PCI and security scans ensure both your customers and your business stay secure.

We serve all internet traffic encrypted via HTTPS. We follow modern best security practices and test regularly for the OWASP Top 10.

We never store credit card information. Instead, we use payment processing gateways that allow for 'tokenized' access to customer payment information, so there is no payment information in our databases for anyone to attempt to steal, which reduces the risk of a security incident. All payment information is collected and processed using either a hosted form provided by the payment gateway, or by redirecting the customer to the payment gateway to enter their payment information.

All passwords are salted and stored as one-way hashes (this means you can't see what a customer's password is).


Online Payment Integrations

All of the payment gateway integrations that Kiva Logic provides qualify your business for PCI SAQ A. This means that no payment information is ever handled or processed by Kiva Logic or your business, and instead is processed directly by the payment gateway of your choosing.

Stay Open.

Our high availability setup with automatic failover keeps you open for business. Regular, secure backups mean you’ll always have access to important data on your customers and your bottom line as your traffic increases. We offer a 99.98% SLA, and you can view our uptime history here.

Help is Here.

When you have questions, we have answers. Visit our documentation or contact us with your questions. Suggestions and feedback are always welcome!

What should I tell my customers?

We know that you may have customers that would like to know about your website security and may have questions about payment processing. Try this out for size, and if you need more information or have questions, we're only an email away (replace Stripe.com with your gateway, and YOURCOMPANY with... well, your company name!):

"YOURCOMPANY uses Stripe.com hosted forms for all payment data collection. Stripe.com is certified Level 1 PCI DSS compliant (https://stripe.com/docs/security/stripe). Your payment data never touches our website and instead is handled directly by Stripe.com through hosted payment information forms that return only a token to be stored with your Bodhi account. This qualifies YOURCOMPANY for maintaining our PCI requirements using the PCI SAQ A level.

Your account information is protected using one-way encryption with a unique salt to store a hash of your password; we do not store or log your password. Admin users must use strong passwords and receive notifications on every admin login.

We use a Web Application Firewall set to the highest levels of protection provided by CloudFlare, undergo regular security scans by Tinfoil Security, have a dedicated devops team that keeps our server software up-to-date while monitoring our infrastructure 24/7, and we follow modern best practices for web development security as dictated by OWASP (The Open Web Application Security Project)."


Responsible Disclosure. Just in Case.

Please see https://www.kivalogic.com/security-policy