Security

Giftpack uses enterprise-grade security practices to keep your data safe.

Giftpack is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data, we are focused on keeping you and your data safe. Giftpack undergoes periodic penetration testing and is designed to be GDPR-compliant. We encrypt all data both at rest and in transit. Our customers entrust sensitive data to our care, and keeping customer data safe is our top priority.

Effective Date: 2020.06.27

SECTION 1

Secure and reliable infrastructure

Giftpack uses Google Cloud Platform (GCP) for secure and resilient hosting of staging and production environments. Giftpack leverages multiple availability zones to redundantly store customer data. GCP data centers are monitored by 24/7 security, biometric scanning, and video surveillance, and are continuously certified across a variety of global security and compliance frameworks.

SECTION 2

World Class Application Security

Data Encryption

Data is encrypted in transit using TLS 1.2 or higher, including TLS 1.3, and at rest using the industry-standard AES-256 encryption algorithm. All Internet payloads are encrypted with EV SSL (Enterprise level of Secure Sockets Layer); you can view the certificate directly in your browser.

Know Your Customer (KYC) Practices

Know Your Customer (KYC) is a crucial process used by businesses to verify the identity of their customers, assess potential risks, and prevent fraudulent activities. It involves collecting and verifying personal information and documents from customers to ensure they are legitimate and comply with regulatory standards. Giftpack Inc, a leading provider of personalized gifting solutions, takes KYC seriously to maintain the integrity of its platform. When customers register on the Giftpack website, they are required to provide accurate personal information and upload relevant identification documents before they can start purchasing from the specific catalog of products. The submitted documents are then carefully reviewed by Giftpack's dedicated team to verify the authenticity of the customers' identities. This meticulous KYC process not only helps Giftpack establish a trustworthy user base but also ensures a secure environment for both customers and the company itself.

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is a security mechanism that adds an extra layer of protection to online accounts. It requires users to provide two different authentication factors before granting access to an account. One factor is typically something the user knows, like a password, and the second factor is something the user has or is, such as a unique code sent to their phone or email. Giftpack implements 2FA to enhance the security of user accounts. When a user logs in, they enter their password as the first factor, and then Giftpack sends a verification code to the user's registered email or mobile device. This code serves as the second factor, ensuring that only authorized users can access their accounts and reducing the risk of unauthorized access. The user retains the right to turn 2FA off by accepting the potential security consequences.

Single Sign-On (SSO)

SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials. Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation. OAuth, which stands for Open Authorization and is pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user by providing the service with an access token that authorizes specific account information to be shared. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in.

Data Permission and Authentication

Access to customer data is limited to authorized employees who require it for their job, and data access is logged in accordance with the SOC 2 standard. Giftpack classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Data owners are responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.

Incident Response

Our incident response program addresses events which cause disruptions to the quality of our service. This includes defined escalation paths and engaging the appropriate teams to investigate, communicate, and remediate the incident.

Software Development Lifecycle (SDLC) Security

Giftpack implements human review processes, together with a high-quality CI/CD process, to ensure consistency in our software development practices. This policy applies to all of Giftpack’s applications and information systems that are business critical and/or process, store, or transmit Confidential data, and to all internal and external engineers and developers of Giftpack’s software and infrastructure.

Vulnerability Management

Giftpack regularly scans production infrastructure, applications and networks for vulnerabilities using off-the-shelf tools to identify potential threats that could impact our systems.

Corporate Security

Giftpack leverages internal services which require TLS for network access, individually authenticate users by way of a central identity provider, and leverage two-factor authentication (2FA) wherever possible.

Giftpack personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all employees are required to participate in helping secure our customer data and company assets.

Customer Support

Giftpack provides 24/7 dedicated customer support in English, Chinese, Japanese, and Korean for all the issues our clients might encounter when using the application or during the internal evaluation process.

SECTION 3

Enterprise-grade Compliance

General Data Protection Regulation (GDPR)

At Giftpack, we have worked hard to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant.

California Consumer Privacy Act (CCPA)

Giftpack acts as a service provider to customers under the California Consumer Privacy Act (CCPA), and we support our customers’ compliance with the CCPA.

SOC 2 Type 2

Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA).

Monitored by Vanta

We partner with Vanta, the world-leading security monitoring platform, to check in real time that our security always meets the top standard.

Security Assessment

If you need an additional security assessment to evaluate Giftpack’s service, please submit your application here.

©2024 All Rights Reserved. Giftpack Inc.®