
Your data security is our top priority.

COMPLIANCE
Vend complies with all the necessary security standards and regulations.
In addition to complying with the Payment Card Industry Data Security Standard (PCI DSS), Vend implements strict controls across our platform to abide by the EU's General Data Protection Regulation (GDPR) regarding the processing of personal data of individuals residing in the European Union (EU).
Vend also engages in various forms of penetration testing. Aside from conducting annual internal and external penetration tests of Vend's office networks, we engage with independent parties to conduct application-level and infrastructure-level penetration tests at least once a year. The results of these tests are documented in our Vulnerability Management Policy and Procedures.
Vend is hosted by Amazon Web Services (AWS). You can access all AWS compliance and audit reports through the AWS Artifact portal.

INFRASTRUCTURE AND ENDPOINT SECURITY
We keep our network safe and secure against unauthorized access.
We’re constantly enforcing measures to keep Vend's network safe and secure. Such measures include system monitoring, logging, and alerting, as well as Distributed Denial-of-Service (DDoS) protection through AWS Shield Advanced.
And to protect Vend from unauthorized access via remote devices, all devices issued to our employees are configured, updated, and tracked by Vend's endpoint management solutions. By default, Vend workstations are equipped with data encryption, firewalls, and strong passwords.
We also centrally manage access to Vend's network and applications, and we continuously audit access and privileges so they're in line with Vend's Access Control Policy.

ORGANIZATIONAL SECURITY
We're continually educating Vend employees on all things security.
We want to make sure that everyone who works at Vend understands how to protect themselves — and Vend retailers — from threats.
To that end, we conduct employee background checks to verify each candidate's education and employment. Once hired, all Vend employees are expected to adhere to Vend's security policies, and the Security team closely monitors compliance.
Vend also conducts security awareness training for all Vend employees once a year. The program covers everything from data classification and handling to password hygiene, physical security, and more.

APPLICATION SECURITY
We ensure that the Vend app is secure and data is well-protected.
How do we ensure a safe and secure experience when using the Vend app? For starters, all data transmitted through Vend are encrypted using the latest recommended secure cipher suites. We protect login confidentiality by hashing passwords using the bcrypt algorithm.
We protect the Vend app from brute force attacks by implementing rate limiting and a check to see if you’re human. Plus, all secret keys used in Vend's product and app infrastructure are encrypted in AWS. Any changes made to production apps and infrastructure are strictly controlled, and we closely review any changes before implementing them.
We're always monitoring and testing for dependencies and vulnerabilities. We invite security researchers to put Vend’s security to the test through Vend’s public bug bounty program hosted on Bugcrowd so we’re always aware of any weaknesses that need to be corrected.

PHYSICAL SECURITY
We protect Vend hardware, software, networks, and personnel from physical actions that can compromise security.
A huge component of data security lies in protecting Vend from physical threats. This is why all Vend offices are controlled by badge access, alarm systems, and cameras. Every office also has shredders and secure bins for handling sensitive paper materials.
Vend's production infrastructure is located in AWS data centers, where physical access is strictly controlled by security staff, video surveillance, intrusion detection systems and more.

OPERATIONAL SECURITY
We run a tight ship with our vendors and procedures.
When a security incident occurs at Vend, we immediately initiate our incident response (IR) procedures to identify, contain, and resolve the issue ASAP.
Regarding vendor management, Vend has an established and documented process for engaging a new vendor or supplier which involves an inventory of the asset, security risk assessment, and a legal review.