Security Policy – Cart2Cart™

Last updated: July 20, 2023.

We at Cart2Cart prioritize data security and have a set of practices, technologies and policies in place to ensure the highest level of security for your data, which this Security Policy outlines. This Security Policy is the integral part of the Privacy Policy of Cart2Cart.

1. Data Security Levels. Servers Location.

Physical Security. Servers Location	Network Security	Application Security Layer
1.1. Depending on on the amount of data on the ecommerce platform the migrations can be carried out by Cart2Cart on Hetzner servers located in Germany or in Finland according to Hetzner Terms and Conditions and Privacy Policy or on Amazon Web Services (AWS) servers located in the United States of America or in any other country in which AWS maintains facilities according to AWS Customer Agreement.	Cart2Cart security team takes steps to protect your data against the most elaborate electronic attacks. The following measures are taken: ⦁ network firewalls ⦁ DDoS preventions (we use the latest hardware appliances and sophisticated security technologies, which ensure top level protection against large-scale DDoS attacks.) ⦁ network posture assessment	⦁ The exchanged data is protected by HTTPS secure protocol and 256-bit TLS encryption ⦁ All requests are validated ⦁ Role-based authorization is in place

Physical Security. Servers Location

Network Security

Application Security Layer

1.1. Depending on on the amount of data on the ecommerce platform the migrations can be carried out by Cart2Cart on Hetzner servers located in Germany or in Finland according to Hetzner Terms and Conditions and Privacy Policy or on Amazon Web Services (AWS) servers located in the United States of America or in any other country in which AWS maintains facilities according to AWS Customer Agreement.

Cart2Cart security team takes steps to protect your data against the most elaborate electronic attacks. The following measures are taken:

⦁ network firewalls
⦁ DDoS preventions (we use the latest hardware appliances and sophisticated security technologies, which ensure top level protection against large-scale DDoS attacks.)
⦁ network posture assessment

⦁ The exchanged data is protected by HTTPS secure protocol and 256-bit TLS encryption
⦁ All requests are validated
⦁ Role-based authorization is in place

2. Security Audits

2.1. All systems are scanned regularly to prevent any vulnerabilities. The software is being updated on an ongoing basis, so all connections to the previous version are limited, logged and checked. We guarantee 100% security of your shopping cart data before, during, and after migration.

2.2. Our security measures are directed at protecting against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

3. Data Access Security

3.1. Only authorized Cart2Cart tech engineers can access the source code, handle custom migration requests and work on support cases on demand of the support staff. Each of them has their own credentials and can reach certain areas of software only from specific IPs.

4. GDPR Compliance

4.1. Cart2Cart is compliant with GDPR regulations, more info on this you can find on our GDPR Compliance page.

5. PCI DSS Compliance

5.1. Cart2Cart is using PayPro - certified PCI Level 1 Service Providers or Shopify Payments - PCI compliant and supports 3D Secure checkouts. For more details, check a compliance page of PayPro or Shopify Payments (Help Center).

5.2. Note. None of your payment data is stored or processed by Cart2Cart.

If you have any questions regarding this Security Policy please contact us by emailing to [email protected] or [email protected].