Security
Your data security and privacy are our top priorities
Our Security Commitment
At PickupWidget, we understand that security is fundamental to your business operations. We implement industry-leading security measures to protect your data, your customers' information, and your business operations.
Data Protection
End-to-End Encryption
All data transmitted between your website, our servers, and your customers is encrypted using industry-standard TLS 1.3 encryption protocols.
Data Encryption at Rest
Your data is encrypted when stored in our databases using AES-256 encryption, ensuring protection even if physical storage is compromised.
Access Controls
Strict access controls ensure only authorized personnel can access your data, with all access logged and monitored.
Regular Backups
Automated, encrypted backups are performed regularly and stored in geographically distributed locations for disaster recovery.
Infrastructure Security
Cloud Security
Our infrastructure is hosted on enterprise-grade cloud platforms with built-in security features, including DDoS protection and network isolation.
Monitoring & Alerts
24/7 security monitoring with automated threat detection and immediate alerting for any suspicious activities or potential security incidents.
Regular Security Audits
We conduct regular security audits and penetration testing to identify and address potential vulnerabilities before they can be exploited.
Compliance Standards
Our security practices align with industry standards including SOC 2, GDPR, and PCI DSS requirements for payment processing.
Application Security
- Secure Authentication: Multi-factor authentication and secure session management
- Input Validation: All user inputs are validated and sanitized to prevent injection attacks
- Rate Limiting: Protection against brute force attacks and API abuse
- HTTPS Only: All communications are encrypted and secured with HTTPS
- Security Headers: Implementation of security headers to prevent common web vulnerabilities
- Regular Updates: Continuous security updates and patches for all system components
Privacy & Data Handling
Data Minimization
We only collect and store data that is necessary for providing our services, following the principle of data minimization.
Data Retention
Clear data retention policies ensure that data is only kept as long as necessary and is securely deleted when no longer needed.
User Rights
You have full control over your data, including the right to access, modify, export, or delete your information at any time.
Third-Party Security
All third-party integrations undergo security assessments and must meet our security standards before integration.
Incident Response
In the unlikely event of a security incident, we have a comprehensive incident response plan:
- Immediate Detection: Automated systems detect and alert our security team
- Rapid Response: Our security team responds within minutes to contain any threats
- Investigation: Thorough investigation to understand the scope and impact
- Communication: Transparent communication with affected customers within 24 hours
- Resolution: Complete resolution and implementation of preventive measures
- Follow-up: Post-incident review and security improvements
Security Best Practices for Users
Strong Passwords
Use unique, complex passwords and enable two-factor authentication when available.
Regular Updates
Keep your website platform and plugins updated to the latest versions.
Access Management
Regularly review and manage user access to your PickupWidget dashboard.
Monitor Activity
Regularly review your account activity and report any suspicious behavior immediately.
Report Security Issues
If you discover a security vulnerability or have security concerns, please report them immediately:
Responsible Disclosure
We appreciate responsible disclosure of security vulnerabilities and will work with researchers to address issues promptly and fairly.
Questions?
If you have questions about our security practices or need additional information, please don't hesitate to contact us.