Encryption for Data-in-Transit
Every session with a desktop, smartphone, or tablet client uses an encrypted, authenticated connection. Cartizen requires HTTPS, with certificate pinning, for all services, including our apps, our public websites, and all of our brands’ public websites. We also send HTTP Strict Transport Security (HSTS) headers so that browsers interact with Cartizen properties only over HTTPS. Our sites are scanned regularly, and we enable only strong protocol versions and cipher suites, which sometimes means we will ask you to upgrade an older web browser that cannot negotiate them. We regularly audit the details of our implementation: the certificates we serve, the certificate authorities that issue them, and the cipher suites we support.
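As an added illustration of the kind of check behind the HSTS and cipher-suite statements above (example code written for this page, not Cartizen's own tooling), the script below parses a Strict-Transport-Security header value according to RFC 6797, reports the weaknesses an auditor looks for (missing header, short or zero max-age, missing includeSubDomains, preload without its prerequisites), and builds a client TLS context that refuses anything below TLS 1.2. The host names and header values in the sample are constructed for the example and are not real scan results; the one-year minimum max-age is an assumed policy threshold.

```python
"""Audit Strict-Transport-Security headers and build a strict TLS client context.

Added example for this page; not Cartizen's code. Sample data is constructed.
"""
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional

ONE_YEAR = 31536000  # assumed policy minimum for max-age, also the preload-list minimum


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> HstsPolicy:
    """Parse an STS header value per RFC 6797: ';'-separated, case-insensitive
    directive names, max-age required, no directive repeated, unknown ones ignored."""
    max_age: Optional[int] = None
    include_subdomains = False
    preload = False
    seen = set()
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')  # quoted-string form is allowed
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                raise ValueError(f"max-age must be a non-negative integer, got {value!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # any other directive is ignored, as the RFC requires
    if max_age is None:
        raise ValueError("max-age directive missing")
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_findings(header: Optional[str], min_age: int = ONE_YEAR) -> List[str]:
    """Return audit findings for one host's STS header; empty list means it passes."""
    if header is None:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(header)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 disables HSTS for this host")  # browsers drop the pin
    elif policy.max_age < min_age:
        findings.append(f"max-age {policy.max_age} below policy minimum {min_age}")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing; subdomains stay reachable over HTTP")
    if policy.preload and (policy.max_age < ONE_YEAR or not policy.include_subdomains):
        findings.append("preload set but preload-list requirements not met")
    return findings


def audit_hosts(headers_by_host: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Run hsts_findings over a host -> header mapping (e.g. output of a scanner)."""
    return {host: hsts_findings(hdr) for host, hdr in headers_by_host.items()}


def strict_client_context() -> ssl.SSLContext:
    """Client context that authenticates the server and refuses TLS < 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed sample: hypothetical hosts, not real scan output.
SAMPLE_HEADERS: Dict[str, Optional[str]] = {
    "good.example": "max-age=63072000; includeSubDomains; preload",
    "short.example": "max-age=300",
    "off.example": "max-age=0",
    "broken.example": "includeSubDomains",
    "missing.example": None,
}

if __name__ == "__main__":
    for host, findings in audit_hosts(SAMPLE_HEADERS).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

Running the script prints one line per sample host; only good.example passes. The parser deliberately rejects duplicate directives and a missing max-age rather than guessing, because a header the browser will ignore is indistinguishable from no header at all in its effect.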
Encryption for Data-at-Rest
We encrypt our storage and databases with AES using keys of at least 256 bits, and the infrastructure that handles sensitive data shares no credentials with Cartizen’s other services (apps, APIs, websites, etc.). We follow the best practices that financial institutions apply to the same kinds of data.
Because of this philosophy, preparedness, and architecture, we never store payment card data, and we segregate sensitive data across our entire suite of apps and services, including our mobile apps and cloud software. A device running our apps is effectively a thin client: it never stores payment data or other sensitive data. The footprint of sensitive information is therefore drastically reduced.
We operate on a need-to-know basis: only employees who have been background-checked and who have a direct operational need (such as system maintenance or upgrades) may access environments that hold sensitive data. Access to those environments requires multi-factor authentication, and every action within them is logged to a separate system that only executives can access, itself protected by strong passwords and multi-factor authentication.
Redundancy, Business Continuity, and Disaster Recovery
Detailed disaster recovery, business continuity, and incident response plans are in place to protect data in an emergency. Our customers’ data is stored in secure, highly available data centers with logical and geographic redundancy.