Política de Segurança



Security Policy

 

Overview

At Weasy, we are committed to safeguarding the data entrusted to us by our merchants and customers. From confidential customer details to payment information and product catalogs, we take the responsibility of securing, protecting, and ensuring the availability of this data seriously. Our security framework is designed to:

- Prevent unauthorized access;

- Continuously monitor for potential vulnerabilities; and

- Proactively improve to stay ahead of emerging security threats.

 

Data Protection

 

In Transit

All merchant and customer data, including names, shipping and billing addresses, order details, and payment information, is transmitted using industry-leading protocols. We employ TLS 1.2 with 128-bit or 256-bit encryption, depending on the browser. Outdated protocols like SSL v2 and SSL v3 are strictly prohibited to ensure data integrity and confidentiality.

 

At Rest

User data is hosted on PTISP servers, leveraging their advanced security features, including firewalls and virtual private networks (VPNs), to prevent unauthorized remote access. PTISP data centers undergo annual certifications to maintain the highest standards of physical and virtual security. For more details, refer to PTISP Security Practices.

 

Data Reliability

All user data is automatically backed up with multiple redundant copies. Additionally, Weasy performs independent daily system backups. User activity related to backups and sensitive data is logged and monitored for audit purposes.

 

Data Privacy

Transparency is a cornerstone of our approach to data privacy. We are clear about how we collect, use, and handle your information when you interact with our website and software. For more details, please review our Privacy Policy.

 

Report a Vulnerability

If you identify a security vulnerability within Weasy, please report it to us at info@weasy.io. We prioritize addressing vulnerabilities promptly and welcome contributions from security researchers.


Access Management

 

For Merchants

Merchant account access is secured through a combination of store-code, email, and password-based authentication via OAuth 2.0. We strongly recommend enabling two-factor authentication (2FA) for added security. Passwords are stored with unique salts, and automated challenge-response tests are in place to prevent brute-force attacks.

 

For Customers

Customer accounts are protected using email and password-based authentication, with passwords stored using unique salts. Automated challenge-response tests are also implemented to block unauthorized access attempts.

 

To Infrastructure

Access to our production systems is managed through PTISP’s control and access. Granular privileges are granted only to key personnel, ensuring strict control over infrastructure access.

 

 

 

Incident Management and Disaster Recovery

- We conduct regular recovery drills to ensure preparedness.

- Daily database backups and automatic file backups are performed, with data stored across multiple PTISP availability zones and an off-site location for at least 30 days.

- Our dedicated Infrastructure Team follows defined procedures to respond to incidents promptly.

- In the event of an incident, we will notify the affected account owner and collaborate closely to resolve the issue.

 

 

External Audits

- We engage external security experts to conduct periodic audits of our systems.

- We are committed to addressing any issues identified during these audits.

- While we currently do not hold certifications such as SAS 70, SSAE 16, SOC 2, SOC 3, or ISO 27001, we are transparent about our security practices. For more details on past audits, contact us at info@weasy.io.

 

At Weasy, security is not just a priority—it’s a promise. We continuously strive to uphold the trust our merchants and customers place in us by maintaining the highest standards of data protection, privacy, and reliability.


24/11/2024