Security and Compliance
Security & Compliance

Shopalyst has processes and controls in place to ensure that customer data is secure on our platform. Security is at the heart of our product development life cycle, achieved by ingesting security reviews/tests in every stage of software development pipeline.

Security Controls
Access Control

User access to all applications on Shopalyst platform is secured with two factor authentication. Role based access control ensures that users can only access information they are permitted to.

Application security

Shopalyst uses DevSecOps methodology for continuous monitoring and improvement of application security. DevSecOps pipeline includes static application security testing and vulnerability scanning of hosts & containers.

Server security

Hosted in isolated private networks, Shopalyst servers are protected with advanced firewalls and next generation threat/malware detection/prevention solutions

Network security

Shopalyst servers and applications are protected from Distributed Denial of Service (DDoS) attacks and other threats such as SQL Injection and Cross-Site Scripting

Endpoint security

All endpoint devices are protected with advanced endpoint detection and response (EDR) solutions driven by machine learning and artificial intelligence

Data encryption

All data in transit is secured using recommended TLS protocol versions and all applications enforce SSL traffic. Personal/sensitive data at rest is encrypted using industry standard encryption algorithms

Availability

Shopalyst applications have a guaranteed uptime of 99.5%. Redundant infrastructure, continuous monitoring and automated backups/failover mechanisms ensure minimum downtime in the event of an outage

Monitoring

Continuous monitoring and alerting is in place for application/infrastructure outages, critical configuration changes and other security incidents. All access to infrastructure and cloud environment is monitored and logged.

Security Testing

Shopalyst applications and infrastructure are periodically tested for security issues/vulnerabilities by certified 3rd party agencies

Compliance, attestations & certifications
SOC 2 Type 2


Shopalyst is SOC 2 Type 2 attested on all 5 trust service criteria - Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria)
Read our Announcement here

PCI DSS




Shopalyst applications which handle payment data is PCI DSS certified. View Certificate

GDPR

Shopalyst is compliant with data privacy regulations of countries where it operates, including General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). For more details see Shopalyst Privacy Policy