Our PCI DSS Level 1 certified infrastructure, enhanced monitoring and additional levels of security ensure that all data is safe.
Salestar uses a PCI DSS Level 1 service provider. All customer payment data is encrypted and stored in isolated, air-gapped networks.
Human access to customer payment data is not possible; only programmatic access from specific resources is permitted. Access by Salestar employees is strictly forbidden and, because access is identity-based, is in fact not possible.
Salestar uses encryption for all communication, programmatic access and data storage. The web app, API and WebSocket endpoints are accessible only over HTTPS and TLS.
Customer payment data is encrypted before it is stored and encrypted again at rest. Internal systems with separate access permissions ensure that encrypted data is never exposed while in transit between resources, and only specific resources can decrypt the data.
Salestar is hosted on AWS, which offers a suite of monitoring tools to detect and prevent malicious activity. Internal custom monitoring is also implemented.
AWS services we use include AWS WAF for all inbound requests, AWS CloudTrail for logging account actions and access, AWS Shield for monitoring application traffic, and AWS GuardDuty to monitor for and detect threats using machine learning.
Salestar's entire infrastructure is built on serverless computing, which removes many traditional attack vectors. Security concerns associated with running servers, such as IP and denial-of-service attacks, are eliminated.
Serverless executions are also stateless, so in-memory data is erased shortly after execution completes. Every endpoint is protected by AWS WAF and routed through AWS API Gateway, which provides additional layers of security.