Developer security requirements
Version dated 26 March 2015
Vend takes the security of its data – and that of its retailers and their customers – very seriously. If you wish to integrate an app or add-on with the Vend platform, then (in addition to your other obligations as a Vend Developer) you must ensure that any Vend data (including data relating to retailers and their customers) held in your systems is stored securely in accordance with security best practices, and – as a minimum – in accordance with these Security Requirements.
Any failure to implement and maintain these Security Requirements will be regarded as a breach of the Vend Developer Program Terms, and may result in your Developer status being revoked and your apps and add-ons being disconnected from the Vend platform.
SSL
At a minimum, SSL should be used for log-in pages or any other pages where data or personal information is being entered, though we recommend that all logged-in pages are secured with SSL.
Sensitive data
Data should be stored with security that is appropriate to its sensitivity. Data such as the Vend Entrust certificate issued with apps or add-ons, and the signing certificates used to sign requests, are highly sensitive and should be stored securely and be subject to strict access controls.
Access Control
You should put in place control mechanisms to make sure that access to data is restricted to operational staff that need it, and that you have appropriate policies and training in place for those staff regarding data use and security.
Hosting
You should ensure that your hosting environments won’t allow others to access the Vend API or your API credentials, or access any data from Vend or retailers. For this reason, we recommend that you don’t use a shared hosting environment.
Security breaches
If you become aware of any breach of security which could impact Vend retailer data, API certificates or tokens, personal information or other sensitive information, or suspect that one may have occurred, you must notify Vend immediately by emailing [email protected].
Privacy
You (and the way in which you store and use personal information) must meet the Vend Developer Minimum Privacy Standards, as well as applicable privacy laws. Among other things, this means that you must have a privacy policy which you make available to users of your app or add-on.
Legal requirements
In addition to these Security Requirements, you must ensure that you meet any legal obligations you might have under applicable laws (such as privacy laws) to keep data secure.