The most important thing we do is to keep our customers' data secure. Keeping iStockist secure is fundamental to our business. We would like to detail parts of what we do to ensure security and safe transmission of your data. This document is a living document. Our practice is to continuously improve and add to the security of your data. You may also be interested in our Terms of Use and Privacy Policy.
The team
Our team includes people who've played lead roles in designing, building and operating highly secure Internet facing systems. We have people with experience working with large and enterprise systems. Our team is the right team to ensure you have a safe place to do business online, and that you can securely and seamlessly integrate your data with your systems.
Secure hosting facilities
We use Google Cloud and Amazon Web Service to host our systems and data. The data centres we use all have SOC2 Type 2 reports, and provide all the physical security protection measures you would expect. Further information on the security measures taken by these cloud providers be found here:
Security is built into our systems, processes and culture
We have an automated build process so that we update our application safely and reliably within minutes. We often deploy dozens of times a day. We can rollout security updates quickly whenever they are required.
All data sent to iStockist is encrypted in transit. Our API and application endpoints are TLS/SSL only. iStockist scores an “A” rating on SSL Labs' tests. We only use strong cipher suites.
We use technologies such as Stackdriver to monitor our infrastructure and the iStockist application.
We use two-factor authentication whenever possible and ask our customers to enforce two factor authentication in their iStockist accounts. We discourage use of shared accounts on any system. We monitor and review which accounts can access our systems and the permissions they have regularly.
Our corporate network has no backdoors into our production systems.
We educate all staff and encourage forward-thinking discussion on security procedures and policies.
iStockist gives you powerful security features at your fingertips
iStockist includes advanced security features to allow organizations to manage their users, customers and wholesale ecommerce data with full control. Alongside system features like active monitoring and password quality checking, organizations get self-service features like the ability to:
- Enforce two factor authentication;
- View security logs;
- Kill active session(s);
- Lock/unlock employee or customer accounts;
- Force passwords resets.
We do not store payment details
iStockist does not store or process payments. In fact, all credit card payments made on iStockist powered wholesale ecommerce sites goes through our partner, Stripe, using Stripe Connect. Details about their security setup and PCI compliance can be found at Stripe's security page.