Giftpack is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data, we are focused on keeping you and your data safe. Giftpack undergoes periodic penetration testing, designed to be GDPR-compliant. We encrypt all data both at rest and in transit. Our customers entrust sensitive data to our care, because keeping customer data safe is our top priority.
Giftpack uses Google Cloud Platform (GCP) for secure and resilient hosting of staging and production environments. Giftpack leverages multiple availability zones to redundantly store customer data. GCP data centers are monitored by 24/7 security, biometric scanning, and video surveillance, and are continuously certified across a variety of global security and compliance frameworks.
Data is encrypted in transit using TLS 1.2 or higher (including TLS 1.3) and at rest using the industry-standard AES-256 encryption algorithm. All Internet payloads are encrypted with EV SSL (Enterprise level of Secure Sockets Layer); you can view the certificate directly in your browser.
SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials. Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which stands for Open Authorization and is pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in.
Access to customer data is limited to authorized employees who require it for their job, and data access is logged in accordance with the SOC 2 standard. Giftpack classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Data owners are responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.
Our incident response program addresses events which cause disruptions to the quality of our service. This includes defined escalation paths and engaging the appropriate teams to investigate, communicate, and remediate the incident.
Giftpack implements human review processes in order to ensure consistency in our software development practices, with a high-quality CI/CD process. All Giftpack’s applications and information systems that are business critical and/or process, store, or transmit Confidential data. This policy applies to all internal and external engineers and developers of Giftpack’s software and infrastructure.
Giftpack regularly scans production infrastructure, applications and networks for vulnerabilities using off-the-shelf tools to identify potential threats that could impact our systems.
Giftpack leverages internal services which require TLS for network access, individually authenticate users by way of a central identity provider, and leverage two-factor authentication (2FA) wherever possible.
Giftpack personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all employees are required to participate in helping secure our customer data and company assets.
Giftpack provides 24/7 dedicated customer support in English, Chinese, Japanese, and Korean for all the issues our clients might encounter when using the application or during the internal evaluation process.
At Giftpack, we have worked hard to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant.
Giftpack acts as a service provider to customers under the California Consumer Privacy Act (CCPA), and we support our customers’ compliance with the CCPA.
Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA).
We partner with Vanta, the world-leading security monitoring platform, to ensure through real-time checking that our security is always at the top standard.