SECURITY

We handle critical data for your business

Proper takes preventive measures to adhere to the latest security and compliance practices globally.

Overview

At Proper, we handle critical financial data for your business. This includes information about your payments, revenue, processors, and customer information. Security is our top priority, and we take preventive measures to adhere to the latest security and compliance practices globally.

Be assured that your data is very safe with us and no information is provided to any third parties.

PCI DSS & SOC 2

Proper has been audited by a Qualified Security Assessor (QSA) and is certified to PCI Service Provider Level 1. PCI DSS Service Provider Level 1 is the most stringent level of certification available with regard to handling payment data.

Proper is SOC 2 Type 2 compliant. SOC 2 compliance demonstrates our organizational and security controls to ensure all customer data is handled appropriately.

Security Practices

This page provides an overview of our security practices & programs at Proper. For more information or a copy of our attestations, please contact security@properfinance.io.

System Security

  • All infrastructure is hosted on AWS. See the following for more information on AWS certifications and AWS security.
  • Card data is stored on a PCI-compliant network infrastructure, with decryption keys stored on separate machines. No system can access card data in plaintext.
  • Data is encrypted at rest using AES-256.
  • Proper enforces HTTPS for all services.
  • Application logs record access to customer data.
  • Proper regularly performs internal and external vulnerability scans.
  • We use backup services with our data hosting providers to reduce the risk of data loss in the event of failures.
  • We have independent third-party penetration tests performed on an ongoing basis (annually, at a minimum). Penetration tests cover network security as well as common web application vulnerabilities as referenced in the OWASP Top 10.

Application Security

  • Access to infrastructure providers is limited to authorized employees who require it to perform the duties of their role.
  • Access control is on a least-privilege basis.
  • Team members are required to adhere to a minimum set of password requirements and complexity rules for access.
  • By default, we enforce multifactor authentication (MFA).
  • We only enable access to endpoints from certain whitelisted IP addresses.

Organizational Security

  • All employees undergo background checks.
  • Proper undergoes independent third-party assessments to test our security and compliance controls.
  • All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
  • Roles and responsibilities related to our Information Security Program and the protection of our customers' data are well defined and documented.
  • All employees complete security training and are required to review and accept all of the security policies.
  • In the case of a security incident, we are prepared with regularly tested incident response plans and 24/7 on-call staff to react immediately and appropriately.