Security

ItsPayd takes the security of the data it accesses and uses seriously. We take a multi-tiered approach to security that includes protecting and minimizing the amount and type of sensitive data that we maintain, following best practices regarding the storage and transmission of data, and only partnering with trusted providers.

Internal Controls

ItsPayd follows industry best practices to ensure that data remains safe. We require any access to ItsPayd websites to be encrypted via SSL. We additionally require that any files transferred to facilitate automation processes are done so in an encrypted state. Passwords are secured using one-way hashing with salts using algorithms designed to be computationally difficult to hack.

The most effective way to prevent or limit an information breach is to not have the data in the first place, and we only collect the minimum information required. ItsPayd seeks to limit the amount of sensitive information that we collect and maintain, both in transit and at rest, wherever possible. ItsPayd does not collect, store or process payment data, including credit card information. That information is passed directly to our payment processor without ever touching ItsPayd servers. In addition, any funds that are collected are deposited directly into your merchant account (less any applicable transaction fees.)

Trusted Providers

  • ItsPayd has chosen providers that employ the highest standards for data security
  • ItsPayd requires that our vendors are PCI compliant if required.
  • ItsPayd utilizes a third-party auditor to conduct periodic vulnerability scans and assessments.

Our partners and providers currently include:

  • Braintree: Braintree is owned by Paypal, and is a validated Level 1 PCI DSS Compliant Service Provider. They are on Visa's Global Compliant Provider List and MasterCard's SDP List. More information on Braintree's security infrastructure can be found here: Braintree Security Policy
  • Dwolla: Dwolla, Inc. is an agent of Veridian Credit Union and Compass Bank and is the operator of a software platform that communicates user instructions for funds transfers to Veridian Credit Union and Compass Bank. More information on Dwolla’s security infrastructure can be found here: Dwolla Security Policy
  • Twilio: ItsPayd utilizes Twilio solely for communication to your customers via SMS. More information on their security infrastructure can be found here: Twilio Security Policy
  • Heroku: Heroku is owned by SalesForce, and uses data centers that have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX). More information on their security infrastructure can be found here: Heroku Security Policy
Powered by itspayd