Security & PCI Compliance

At Yarteez, protecting your data and ensuring secure payment processing is our top priority.

PCI DSS Compliance

Payments are processed by Stripe, a PCI-DSS v4.0 Level 1 service provider. No card data is stored on Yarteez servers.

As a merchant service provider, we maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) requirements for handling cardholder data:

  • We maintain a secure network and systems
  • We protect cardholder data through encryption and secure transmission
  • We maintain a vulnerability management program
  • We implement strong access control measures
  • We regularly monitor and test our networks
  • We maintain an information security policy

Yarteez completes an annual PCI DSS assessment and maintains SAQ-A compliance documentation.

Data Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
  • Secure Infrastructure: Our platform is hosted on AWS with industry-standard security controls
  • Regular Security Audits: We conduct regular security assessments and penetration testing
  • Access Controls: Strict role-based access controls and multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backup & Recovery: Regular data backups and disaster recovery procedures
  • Vendor Management: We ensure all third-party service providers maintain appropriate security standards

SSL/TLS Encryption

Our website and services use industry-standard SSL/TLS encryption to protect data transmission:

  • We use SHA-256 with RSA encryption
  • We support TLS 1.2 and higher
  • We implement HSTS (HTTP Strict Transport Security)
  • We regularly update our certificates and security protocols
  • We enforce secure cipher suites

You can verify our SSL certificate by clicking the padlock icon in your browser's address bar when visiting our website.

Privacy Protection

We are committed to protecting your privacy:

  • We collect only the information necessary to provide our services
  • We do not sell or share your personal information with third parties for marketing purposes
  • We provide transparent information about how we use your data
  • We respect your data rights under applicable privacy laws
  • We maintain a comprehensive Privacy Policy

Incident Response

We have established procedures to address security incidents:

  • A dedicated security team monitors for potential threats
  • We maintain a formal incident response plan
  • We conduct regular security drills and tabletop exercises
  • We have notification procedures in place for affected users
  • We continuously improve our security measures based on incident learnings

Compliance Certifications

In addition to PCI DSS compliance, we maintain the following security certifications and comply with relevant regulations:

  • SOC 2 Type II: We undergo annual SOC 2 audits to verify our security, availability, and confidentiality controls
  • GDPR: We comply with the European Union's General Data Protection Regulation
  • CCPA: We adhere to the California Consumer Privacy Act requirements
  • ISO 27001: Our information security management system follows ISO 27001 standards
  • NIST Cybersecurity Framework: We align our security practices with NIST guidelines
  • Regular Penetration Testing: We conduct third-party security assessments

Questions about our security practices?

We're committed to transparency. If you have any questions about our security measures or compliance certifications, please contact us.

Contact Our Security Team