Security Capabilities and Policy for Transmission of Payment Card Details
Effective Date: 2024-05-23
1. Introduction
Blotter Ltd. ("Blotter", "we", "us", or "our") is dedicated to protecting the security and privacy of our users' and publishers' payment details. This policy outlines the security measures we have in place to ensure the secure transmission and storage of payment information, including card details and payout information.
2. Security Measures
2.1 Encryption
We use industry-standard encryption protocols to protect payment details during transmission over the internet. This includes:
- SSL/TLS Encryption: All payment transactions, including payouts to publishers, are secured using Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt data during transmission.
- End-to-End Encryption: Payment and payout details are encrypted from the moment they are entered by the user or publisher until they are securely transmitted to our payment processor, Stripe.
2.2 Secure Storage
We do not store payment card details or payout information on our servers. Instead, we utilize Stripe's secure payment processing infrastructure, which is compliant with the Payment Card Industry Data Security Standard (PCI DSS). Stripe handles the storage, processing, and transmission of payment and payout information on our behalf.
2.3 Tokenization
Stripe uses tokenization to protect payment and payout details. When users or publishers enter their payment information, Stripe replaces the card or bank details with a unique token that can be used for future transactions or payouts without exposing the actual information.
3. Compliance and Best Practices
3.1 PCI DSS Compliance
Stripe is certified as a PCI Level 1 Service Provider, the highest level of certification available in the payments industry. This ensures that all payment card transactions and payouts processed through Stripe are handled in a secure and compliant manner.
3.2 Regular Audits and Monitoring
Blotter and Stripe conduct regular security audits and monitoring to detect and prevent any unauthorized access or vulnerabilities. This includes:
- Regular Vulnerability Scans: To identify and mitigate potential security risks.
- Security Penetration Testing: To evaluate the security of our systems against potential threats.
3.3 Employee Training
Our employees undergo regular training on security best practices and the importance of protecting user and publisher data. Access to sensitive payment and payout information is restricted to authorized personnel only.
4. User and Publisher Responsibilities
4.1 Strong Passwords
We encourage our users and publishers to create strong, unique passwords for their accounts and to change their passwords regularly to prevent unauthorized access.
4.2 Secure Access
Users and publishers should ensure that they access our Services through secure networks and avoid using public or unsecured Wi-Fi when entering payment or payout information.
5. Incident Response
5.1 Data Breach Notification
In the unlikely event of a data breach involving payment or payout details, Blotter will promptly notify affected users and publishers, and relevant authorities, in accordance with applicable laws and regulations. We will provide information about the nature of the breach, the data affected, and the steps we are taking to address the issue.
6. Contact Us
If you have any questions or concerns about our security measures or the protection of your payment or payout details, please contact us at support@blotter.fyi.