Shopalyst has processes and controls in place to ensure that customer data is secure on our platform. Security is at the heart of our product development life cycle, achieved by integrating security reviews/tests into every stage of the software development pipeline.
User access to all applications on the Shopalyst platform is secured with two-factor authentication. Role-based access control ensures that users can only access information they are permitted to.
Shopalyst uses a DevSecOps methodology for continuous monitoring and improvement of application security. The DevSecOps pipeline includes static application security testing and vulnerability scanning of hosts and containers.
Hosted in isolated private networks, Shopalyst servers are protected with advanced firewalls and next-generation threat/malware detection/prevention solutions.
Shopalyst servers and applications are protected from Distributed Denial of Service (DDoS) attacks and other threats such as SQL Injection and Cross-Site Scripting.
All endpoint devices are protected with advanced endpoint detection and response (EDR) solutions driven by machine learning and artificial intelligence.
All data in transit is secured using recommended TLS protocol versions, and all applications enforce SSL traffic. Personal/sensitive data at rest is encrypted using industry-standard encryption algorithms.
Shopalyst applications have a guaranteed uptime of 99.5%. Redundant infrastructure, continuous monitoring and automated backups/failover mechanisms ensure minimum downtime in the event of an outage.
Continuous monitoring and alerting are in place for application/infrastructure outages, critical configuration changes and other security incidents. All access to infrastructure and the cloud environment is monitored and logged.
Shopalyst applications and infrastructure are periodically tested for security issues/vulnerabilities by certified third-party agencies.
Shopalyst is SOC 2 Type 2 attested on all 5 trust service criteria - Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria)
Shopalyst's Information Security Management System is certified to conform to the requirements of ISO/IEC 27001:2013
Shopalyst applications which handle payment data are PCI DSS certified.
Shopalyst is compliant with data privacy regulations of countries where it operates, including General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). For more details see the Shopalyst Privacy Policy.
Shopalyst's Information Security Management System is certified to conform to the requirements of ISO/IEC 27017:2015 - code of practice for information security controls based on ISO/IEC 27002 for cloud services
Shopalyst's Information Security Management System is certified to conform to the requirements of ISO/IEC 27018:2019 - code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Shopalyst's Information Security Management System is certified to conform to the requirements of ISO/IEC 27701:2019 - requirements and guidelines for privacy information management (Extension to ISO/IEC 27001 and ISO/IEC 27002)