Compliance

Encryption
Your information is secure both at rest and in transit. We use modern cryptographic algorithms to ensure your information is secure at all times. We use TLS 1.3 across our entire infrastructure for data in transit and symmetric algorithms of appropriate key length for data at rest. We apply database, file system and block device encryption wherever we store your information.
Secure Software Development Lifecycle
Our proprietary code is constantly scanned for vulnerabilities. Through integration with their development environments, our developers can check code to ensure that it does not contain vulnerabilities. This continues all the way through the CI/CD pipeline with ongoing checks carried out until the code is deployed to production. Deployed code is scanned daily for emerging vulnerabilities. The same applies to the third party libraries that we integrate into our code - we are informed about vulnerabilities affecting them and act accordingly in order to update those libraries as needed.
Cloud Security
We are using Amazon Web Services (AWS) to host all our systems providing maximum resiliency, scalability and security through the use of high availability infrastructure, while enjoying major benefits from the best in class AWS security. We use multiple accounts to separate environments and to create barriers between production and the rest of our infrastructure.
IaC and Production Access
There is limited human access to our production environment and all deployments take place using Infrastructure as Code (IaC) processes. IaC scripts are constantly scanned using our code scanning solution and the same applies to our container images in order to ensure that all changes to our infrastructure are secure.
System Hardening and Patching
Our systems are hardened and patched promptly, and we check for vulnerabilities along the entire lifecycle of a system. We have a robust vulnerability management policy that defines all necessary SLAs and we are committed to follow them.
Identity and User Access
We follow secure IAM practices that are constantly reviewed and updated. Access to systems is over Single Sign On (SSO) and we use automatic provisioning and de-provisioning of user accounts to minimise exposure.
Passwords and 2FA
Our employees have access to a password manager that allows everyone to use strong passwords, while at the same time we protect this access by the use of a second factor of authentication.
User Awareness and Training
Rvvup employees are well versed in the area of information security and data protection but reminders and updates are always necessary. All employees receive annual training and there are constant updates and guidance throughout the year on the topics of information security and data protection.
Data Protection
a) We are committed to ensuring that all your data protection rights are fulfilled through the use of proper processes.
b) All our practices ensure that your personal data is protected according to GDPR (e.g. lawfulness, fairness, transparency etc).
c) We are running an extensive data protection program that allows us to maintain all necessary records as needed by GDPR (e.g. DPIAs, Vendor Management Database, Record of Processing Activities etc).
d) Your personal data is protected through the implementation of all the necessary security controls.
Compliance
a) We achieved ISO 27001 certification without any findings proving that commitment to security is a top priority for Rvvup. You can see our certificate here and you can verify it here.
b) We achieved PCI DSS Service Provider Level 1 compliance, the highest level of PCI compliance for service providers. You can see our certificate here and you can search our entry in the Visa Global Registry of Service Providers here.
c) We achieved Cyber Essentials (verify here) and Cyber Essentials Plus (verify here) certifications; the UK government-backed security certification.

Highest industry standards

Transaction monitoring (KYT)

Security detail