End-to-End Encryption
All data in transit and at rest is encrypted using industry-standard protocols.
- TLS 1.3 for data in transit
- AES-256 for data at rest
- Encrypted backups
Enterprise Security
Security & Compliance
Enterprise-grade security and compliance that finance, ops, and legal teams trust.
Data Protection
Data Handling
How we handle, store, and protect your data.
Secure Infrastructure
Data stored in SOC 2 Type II compliant infrastructure with regular security audits.
- AWS / GCP infrastructure
- Regular penetration testing
- 24/7 security monitoring
Retention Policies
Clear data retention and deletion policies that comply with GDPR and CCPA.
- Configurable retention periods
- Automated data deletion
- Right to deletion
No Third-Party Sharing
We never sell your data. Data is only shared with fulfillment partners for orders.
- No data sales
- Partner agreements in place
- Minimal data sharing
Access Control
Role-Based Access Control
Granular permissions that ensure the right people have access to the right data.
Four Roles
Admin, Manager, Sender, Viewer β four distinct roles with clearly defined permissions.
Fine-Grained Control
Control access to billing, analytics, automation rules, and team management.
Workspace Isolation
Each workspace is completely isolated. No cross-workspace data access.
SSO Support
Enterprise SSO support via SAML 2.0 for secure authentication.
Transparency
Audit Logs
Complete visibility into who did what, when, and why.
All Actions Logged
Every action in the system is logged with user, timestamp, and context.
- User logins & logouts
- Gift sends & modifications
- Rule creation & changes
- Billing & credit changes
Long-Term Storage
Audit logs retained for 7 years to meet compliance requirements.
Exportable Logs
Export audit logs in CSV or JSON format for compliance reporting.
Real-Time Alerts
Real-time alerts for suspicious activity or unauthorized access attempts.
Certifications
Compliance Posture
Meeting the compliance requirements that matter to enterprise buyers.
SOC 2 Type II
Currently undergoing SOC 2 Type II certification. Expected completion Q2 2024.
GDPR Compliant
Full GDPR compliance with data processing agreements and privacy policies.
CCPA Compliant
California Consumer Privacy Act compliance with right to deletion and data portability.
DPA Available
Standard DPAs available for enterprise customers upon request.
Payments
Payment Security
Secure payment processing that meets PCI DSS requirements.
PCI DSS Level 1
Payment processing via Stripe with no card data stored on our servers.
Stripe Security
All payments processed through Stripe, trusted by millions of businesses.
Invoice Options
Enterprise customers can use invoicing (Net-30/Net-60) to avoid card storage.
Operations
Security Best Practices
How we maintain security at every level of our platform.
Regular Audits
Regular third-party security audits and penetration testing.
Patch Management
Rapid response to security vulnerabilities with regular patch cycles.
Employee Training
All employees undergo security training and background checks.
Incident Response
24/7 security monitoring with defined incident response procedures.
Have Security Questions?
Contact our security team for detailed security documentation, DPAs, or compliance questions.