Regpack Security FAQ
Regpack security, compliance, and data protection FAQ

### Business location and hours

Regpack headquarters is located in Oakland, California. Office hours are Monday to Friday, 9 a.m. to 6 p.m. Pacific Standard Time.

### Information security responsibilities and PCI compliance

Regpack is PCI 2 compliant and undergoes daily scans and independent audits to confirm compliance. Payment data is stored on PCI 1 compliant servers with security measures including:

- Encrypted APIs
- Restricted IP access
- Rotating credentials
- Custom protection algorithms

Client violations of PCI regulations (e.g., collecting payment data outside authorized forms or sharing login credentials) will result in immediate account suspension and data purging.

### Admin and data access

Admins manage their system's back end (users, payments, settings, etc.). Regpack staff may access back-end data only when needed for support, and all staff have signed NDAs to protect client data.

### User account management

Users manage their own accounts. Admins can disable accounts. Regpack provides software and guidance; user management is the responsibility of the client.

### Technology stack and web application firewall (WAF)

Regpack employs a best-in-class WAF to filter database attacks at the transmission level and limits data per IP/request to prevent mass extraction.

### Data encryption and transmission

Sensitive data is encrypted with unique keys per user. Only authorized algorithm components (project, user, server, time of encryption) allow decryption.

### Physical data center security

Regpack servers are behind a physical firewall managed by a dedicated security team. Access is denied unless specifically approved.

### Intrusion detection & authentication

- IPS/IDS: Yes
- Failed logins: Admins are notified after the 2nd failed attempt
- Two-factor authentication: Required for all admin accounts

### Code security and audits

- Regular internal code audits
- All code written by internal team
- No release to production unless it passes security review
- PCI Level 2 compliant since 2010
- Weekly PCI scans, monthly external scans
- OWASP Top 10 compliance

### CHD & PII security and breach notification

- Internal team reviews all code
- Clients will be informed of any breach within 72 hours

### Backup and recovery

- Hourly delta backups
- Daily full data backups
- Weekly full system backups
- Data recovery within 24–48 hours by Regpack infosec team
- All backups are encrypted and securely stored

### Security team and management commitment

Yes, Regpack has a dedicated security team, and management prioritizes information security.

### Staying current with security best practices

Regpack undergoes third-party audits to ensure up-to-date compliance and security integrity.

### Data protection responsibilities

Regpack uses Rackspace managed security for hourly scans and weekly penetration testing. Servers are reviewed daily for integrity.

### Data location and infrastructure

Regpack uses a split database mechanism to encrypt and mask data. Data is stored securely, and hosted infrastructure is physically managed by Regpack.

### Data ownership and jurisdiction

- Clients retain full ownership of their data
- https://www.regpacks.com/end-user-privacy-policy/
- https://www.regpacks.com/privacy-policy/
- Governed under the state of California

### Contract termination and data deletion

- Cancellations require 30-day written notice to payments@regpacks.com
- On cancellation, all data is purged immediately unless required by law to retain
- Suspended accounts are retained for 6 months before requiring renewal or cancellation

For questions about any of these policies or further details, contact support@regpacks.com.