Security
We take security and privacy very seriously. We continually improve our security methods so that they are always up to date.
01 HTTPS for everyone
All Pomatio sites include a secure connection thanks to AWS’ SSL certificate issuance technology and Let’s Encrypt (for email encryption).
02 Payments with Stripe
We use Stripe as a payment method provider for our clients. Stripe has been audited by a PCI DSS (Payment Card Industry Data Security Standard) certified auditor and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the industry.
All customer payment information is encrypted and is not stored by Pomatio but by Stripe.
03 GDPR compliance
European General Data Protection Regulation.
All contact forms that we create on our websites, cookie notices and other measures comply with the GDPR. We are here to answer any questions and resolve any concerns about how we protect your personal data and how we comply with the GDPR.
04 Email encryption
Pomatio supports TLS encryption on all incoming and outgoing emails.
05 No surprises
We do not make changes to live code or running servers in production. All changes go through a manual code review and are safely implemented.
06 Always up to date
We keep our software up to date and constantly monitor security notifications for all third-party software libraries that we use. When a relevant security patch is identified, we apply it as soon as it is released. Our engineers work to ensure that all Pomatio code and infrastructure follow a secure development cycle.
07 Infrastructure
All of our data is hosted on the infrastructure of our provider AWS, which is certified in accordance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 9001:2015 and CSA STAR CCM v3.0.1. These internationally recognized standards for information security certify that an information security management system (ISMS) has been established and implemented.
These certifications confirm that strict security standards will be upheld. The data is stored in data centers controlled by the company, and only those company members who have a legitimate need to access such information can do so.
Data centers are protected with a variety of physical controls to prevent unauthorized access.
Our infrastructure is designed with redundancy, automated daily backups, complete firewall protection, private IP addresses, and other security features.