Separate access controls are enforced at each layer of the GiftRocket infrastructure. Customer data is accessible only to employees whose job functions require it. All application and user access logs are stored centrally and monitored.
GiftRocket regularly undergoes both internal and external network penetration tests, as well as third-party code reviews. Reviews include Keyhole Assessments, SQA Application Assessments, Automated Web Application Scanning, Network Infrastructure Assessments, External Automated Vulnerability Scanning, and Internal Automated Vulnerability Scanning.
The GiftRocket API and website allow client requests only over TLS protocols. Communication between GiftRocket infrastructure and financial institutions is transmitted over encrypted tunnels.
GiftRocket does not touch or store sensitive credit card data. Our third-party credit card vault, Spreedly, has undergone PCI level 1 certification. All bank data is encrypted using the Advanced Encryption Standard (AES-128-CBC).