Security

SECTION 1

Secure and reliable infrastructure

Giftpack uses Google Cloud Platform (GCP) for secure and resilient hosting of staging and production environments. Giftpack leverages multiple availability zones to redundantly store customer data. GCP data centers are monitored by 24-7 security, biometric scanning, video surveillance and are continuously certified across a variety of global security and compliance frameworks.

SECTION 2

World Class Application Security

Data Encryption

Data is encrypted in-transit using TLS 1.2+, 1.3 and at-rest using an industry standard AES-256 encryption algorithm. All the Internet payloads are encrypted with EV SSL (Enterprise level of Secure Sockets Layer), you can view the certification on your browser directly.

Single Sign-On (SSO)

SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials. Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which stands for Open Authorization and is pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in.

Data Permission and Authentication

Access to customer data is limited to authorized employees who require it for their job and data access is logged with SoC2 standard. Giftpack classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Data owners are responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.

Incident Response

Our incident response program addresses events which cause disruptions to the quality of our service. This includes defined escalation paths and engaging the appropriate teams to investigate, communicate, and remediate the incident.

Software Development Lifecycle (SDLC) Security

Giftpack implements human review processes in order to ensure consistency in our software development practices with high quality CI/CD process. All Giftpack’s applications and information systems that are business critical and/or process, store, or transmit Confidential data. This policy applies to all internal and external engineers and developers of Giftpack’s software and infrastructure.

Vulnerability Management

Giftpack regularly scans production infrastructure, applications and networks for vulnerabilities using off-the-shelf tools to identify potential threats that could impact our systems.

Corporate Security

Giftpack leverages internal services which require TLS for network access and individually authenticate users by way of a central identity provider and leveraging two factor authentication (2FA) wherever possible.

Giftpack personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all employees are required to participate in helping secure our customer data and company assets.

Customer Support

Giftpack provides 24/7 dedicated customer support in English, Chinese, Japanese, and Korean for all the issues our clients might encounter when using the application or during the internal evaluation process.

SECTION 3

Enterprise-grade Compliance