Security Policy

Last updated: October 1, 2021.

We at Cart2Cart prioritize data security and have a set of practices, technologies and policies in place to ensure the highest level of security for your data, which this Security Policy outlines. This Security Policy is an integral part of the Privacy Policy of Cart2Cart.

1. Data Security Levels. Servers Location.

Physical Security. Servers Location

Network Security

Application Security Layer

1.1. Depending on the location of the ecommerce platform, migrations can be carried out by Cart2Cart on Hetzner servers located in Germany according to the Hetzner Terms and Conditions, or on Amazon Web Services (AWS) servers located in the United States of America or in any other country in which AWS maintains facilities according to the AWS Customer Agreement.

1.1.1. Hetzner Online has taken measures to protect their data centers and facilities, including:

  • 24/7 surveillance to monitor access;

  • fire and natural disaster protection;

  • only authorized staff can access control terminals via a transponder key;

  • diesel power generators ensure an autonomous mode of operation.

The Cart2Cart security team takes steps to protect your data against the most elaborate electronic attacks. The following measures are taken:

  • network firewalls

  • DDoS prevention (we use the latest hardware appliances and sophisticated security technologies, which ensure top level protection against large-scale DDoS attacks)

  • network posture assessment

  • The exchanged data is protected by the HTTPS secure protocol and 256-bit TLS encryption

  • All requests are validated

  • Role-based authorization is in place

2. Security Audits

2.1. All systems are scanned regularly to prevent any vulnerabilities. The software is being updated on an ongoing basis, so all connections to the previous version are limited, logged and checked. We guarantee 100% security of your shopping cart data before, during, and after migration.

2.2. Our security measures are directed at protecting against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

3. Data Access Security

3.1. Only authorized Cart2Cart tech engineers can access the source code, handle custom migration requests and work on support cases at the request of the support staff. Each of them has their own credentials and can reach certain areas of the software only from specific IPs.

4. GDPR Compliance

4.1. Cart2Cart is compliant with GDPR regulations. You can find more information on our GDPR Compliance page.

5. PCI DSS Compliance

5.1. Cart2Cart uses 2Checkout and PayPro, certified PCI Level 1 Service Providers, the highest level of certification available in the payments industry. For more details, check the fraud protection policy of 2Checkout and the compliance page of PayPro.

5.2. Note. None of your payment data is stored or processed by Cart2Cart.

If you have any questions regarding this Security Policy, please contact us by emailing [email protected] or [email protected].