The security of your customer’s data is of great importance to us. This document gives an overview of the technical and organizational measures we have put in place to keep this data safe.
General data security
All our employees are trained on security practices regularly. We use various industry-standard technologies and services to secure your data from unauthorized access, disclosure, use and loss. Security is directed by Buckles’ Head of Engineering and maintained by Buckles’ Security & Operations team.
Our databases and application are hosted in AWS datacenters in Frankfurt, Germany. These data centres pass strict safety requirements and certifications such as ISO 27001, ISO 27017, ISO 27018 and are also GDPR-compliant.
We encrypt data whenever possible. This means both while it is transported using industry-standard TLS and while it is stored. The disks in datacenters are all encrypted at rest via Customer Managed. We use modern TLS implementations and strong cypher choices such as SHA512.
Buckles’ Payment method and SEPA direct debit are handled by Mollie, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 service provider, the most stringent level of certification available in the payments industry. In most situations, Buckles does not typically receive credit card data, making it compliant with Payment Card Industry Data Security Standards (PCI DSS).
To ensure the safety and consistency of your data, we regularly back up your data. Our application is cloud-based and can be maintained from any infrastructure.
We take great care not to lose your order data or any products. This is why we are strict about data consistency. We use stable and mature relational database technology and a strongly typed data model to enforce this.
By default, Buckles automatically anonymizes any of your customer’s data that has been stale for 365 days. Buckles will only retain certain information that is fundamental to ensure that processes can be performed optimally now and in the future.
Actions within our tool are logged and tracked by application monitoring platforms as described in our list of subprocessors. We also keep detailed statistics about the performance of our infrastructure. Found a problem? Please get in touch with us as soon as possible at email@example.com.