Security

Giftpack uses enterprise-grade security practices to keep your data safe.

Giftpack is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data, we are focused on keeping you and your data safe. Giftpack undergoes periodic penetration testing, is designed to be GDPR-compliant, and encrypts data at rest and in transit. Our customers entrust sensitive data to our care. Keeping customer data safe is our priority.

SECTION 1

Secure and reliable infrastructure

Giftpack uses Google Cloud Platform (GCP) for secure and resilient hosting of staging and production environments. Giftpack leverages multiple availability zones to redundantly store customer data. GCP data centers are monitored by 24×7 security, biometric scanning, and video surveillance, and are continuously certified across a variety of global security and compliance frameworks.

SECTION 2

World Class Application Security

Data Encryption

Data is encrypted in transit using TLS 1.2 or later (including TLS 1.3) and at rest using the industry-standard AES-256 encryption algorithm. All Internet payloads are encrypted with EV SSL (Enterprise level of Secure Sockets Layer); you can view the certificate directly in your browser.

Single Sign-On (SSO)

SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials. Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which stands for Open Authorization and is pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in.

Data Permission and Authentication

Access to customer data is limited to authorized employees who require it for their job, and data access is logged in line with the SOC 2 standard. Giftpack classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Data owners are responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.

Incident Response

Our incident response program addresses events which cause disruptions to the quality of our service. This includes defined escalation paths and engaging the appropriate teams to investigate, communicate and remediate the incident.

Software Development Lifecycle (SDLC) Security

Giftpack implements human review processes and a high-quality CI/CD process in order to ensure consistent quality in our software development practices. This policy applies to all of Giftpack’s applications and information systems that are business critical and/or process, store, or transmit Confidential data, and to all internal and external engineers and developers of Giftpack’s software and infrastructure.

Vulnerability Management

Giftpack regularly scans production infrastructure, applications and networks using off-the-shelf tools to identify potential vulnerabilities that could impact our systems.

Corporate Security

Giftpack leverages internal services that require TLS for network access and individually authenticate users through a central identity provider, using two-factor authentication (2FA) wherever possible.

Giftpack personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all employees are required to participate in helping secure our customer data and company assets.

Customer Support

Giftpack provides 24/7 dedicated customer support in English, Chinese, Japanese, and Korean for any issues our clients might encounter when using the application or during the internal evaluation process.

SECTION 3

Enterprise-grade Compliance

General Data Protection Regulation (GDPR)

At Giftpack, we have worked to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant.

California Consumer Privacy Act (CCPA)

Giftpack acts as a service provider to customers under the California Consumer Privacy Act (CCPA), and we support our customers’ compliance with the CCPA.

SOC 2 Type 2

Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA).

Monitored by Vanta

We partner with the world-leading security monitoring platform Vanta to ensure, through real-time checks, that our security always meets the top standard.

Security Assessment

If you need an additional security assessment to evaluate Giftpack’s service, please submit your application here.
