The security of our customers’ data is of the utmost importance to us. This document gives an overview of both the technical and organizational measures that we have put in place to keep your data safe.
General data security
All our employees are trained on security practices regularly. We use a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use and loss. Security is directed by Buckles’ Head of Engineering and maintained by Buckles’ Security & Operations team.
Our databases and application are hosted in Google-owned datacenters in Eemshaven, The Netherlands. These datacenters meet strict safety requirements and hold certifications such as ISO 27001, ISO 27017 and ISO 27018, and are also GDPR-compliant.
We encrypt data whenever possible, both in transit, using industry-standard TLS, and at rest. The disks in the datacenters are all encrypted at rest via Google Cloud Platform. We use modern TLS implementations and strong cipher choices.
Buckles’ payment method and SEPA direct debit are handled by Mollie, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 service provider, the most stringent level of certification available in the payments industry. Buckles does not typically receive credit card data, making it compliant with Payment Card Industry Data Security Standards (PCI DSS) in most situations.
To ensure the safety and consistency of your data, we regularly back up your data off-site. Our application is cloud-based and can be run from any infrastructure.
We take great care not to lose your products or any orders. This is why we are strict about data consistency. We use stable and mature relational database technology and a strongly typed data model to realize this.
By default, Buckles automatically anonymizes any of your customer data that is handled, e.g. for order connections, after 90 days. Amazon data is an exception to this and is anonymized after 30 days. Buckles will only retain certain information that is fundamental to ensure that processes can be performed optimally.
Actions within our tool are logged and tracked by application monitoring platforms as described in our list of subprocessors. We also keep detailed statistics about the performance of our infrastructure. Found a problem? Please contact us as soon as possible at firstname.lastname@example.org.