Customer trust and data security are critical to everything we do at Paytient.
Paytient enforces a password complexity standard, and credentials are stored using bcrypt.
We strive to have an uptime of 99.9% or higher. You can check our stats for the past month at https://status.paytient.co.
Paytient services and data are hosted in Amazon Web Services (AWS) facilities in the USA.
Paytient was built with disaster recovery in mind. All of our infrastructure and data are spread across 2 AWS availability zones and will continue to work should any one of those data centers fail.
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
On an application level, we produce audit logs for all activity, ship logs to Datadog for analysis and use S3 for archival purposes.
Access to data is limited to authorized employees who require it for their job. Paytient is served 100% over HTTPS. We have 2-factor authentication (2FA) and strong password policies on GitHub, Google, and AWS so that cloud services are protected.
All data sent to or from Paytient is encrypted in transit. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using an industry-standard encryption algorithm.
Paytient implements a protocol for handling security events, which includes escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.
All employees complete Security and Awareness training annually.
Paytient has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Paytient performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
All employee contracts include a confidentiality agreement.
If you think you may have found a security vulnerability, please get in touch with our security team at firstname.lastname@example.org.