Updated: May 14, 2018
Punchpass hosts data from both our clients, as well as their customers. We take this responsibility seriously, not just because it’s the law, but because it’s how we would want our data handled. Below are more details about how we handle your data to keep it safe and secure.
After 60 days cancelled client data is removed from our systems. Punchpass provides tools to help clients get their data out of Punchpass should they choose to - we believe it’s your data.
Call us old-school, but we make money by charging our clients a monthly fee. We do not, under any circumstances, ever sell data to 3rd party services for marketing or any purpose.
Any modern web application uses a number of different specialized applications in order to serve their customers, and we are no different. For example we use Intercom for customer support, Rollbar for error tracking, Stripe to process credit card payments, and Postmark to send transactional emails. Our service is hosted on Heroku/Amazon Web Services (more info below.)
These services help Punchpass run more reliably, efficiently, and safely. We strongly believe that using best-in-class services makes your data safer and more secure.
Punchpass is hosted on Heroku, which runs on Amazon Web Services (AWS.) AWS has become the gold standard in cloud infrastructure hosting, allowing Punchpass to scale globally. More information can be found at the AWS Security Center.
Currently our logs and backups are kept for one year and then deleted automatically. We are exploring ways to reduce the amount of time these are kept, while also making sure we keep the security of our existing customers in mind.
All Punchpass applications and communication use SSL, which creates a secure connection and keeps data safe.
All payment processing is handled by Stripe, a certified Level 1 PCI Service Provider (the most stringent level of certification available). Any credit card data is submitted directly to Stripe via JavaScript over a secure SSL connection. The payment data never touches our servers.
We will quickly investigate any reported security issues. If you’ve discovered a security bug, please send an email to security@punchpass.com. We will try to respond within 24 hours and request that you not publicly disclose the issue until we can address it.
For specific concerns regarding GDPR visit our Privacy Policy
Specific questions? Please contact us at hello@punchpass.com and we’ll get right back to you.
