Rapyd Privacy & Security Center
FROM DAY ONE, RAPYD HAS EMBEDDED PRIVACY AND SECURITY INTO EVERY ASPECT OF OUR BUSINESS
Security and privacy are fundamental to how we develop applications, maintain our infrastructure, store and safeguard our customers’ and end users’ personal data and share personal data with third parties.
Our top priorities are protecting personal data (including cardholder data and payment data) and business data – as well as developing products and services that meet and exceed security, privacy and other relevant regulatory requirements (such as PCI).
Rapyd maintains a comprehensive network diagram of our current network topology, cloud instances, data storage and internal connections. We run daily vulnerability scans on all of our infrastructure assets, and any identified compromised assets in our cloud environment are remediated instantly. All endpoints are covered by a leading endpoint protection platform with additional managed services.
Rapyd invests heavily in continuous assessment of our applications through threat modeling, design and code reviews, periodic penetration testing and other security measures. In addition, we manage a bug bounty program with hundreds of security researchers for all of Rapyd’s domains.
Databases are replicated to maintain continuous operations of our products and services. Rapyd’s operations center monitors the databases and, in case of failure, traffic is immediately routed to a backup database, making it the master. Rapyd personnel stand ready 24/7 to analyze and correct any faults.
Rapyd runs 24/7/365 monitoring operations that cover systems and infrastructure, provide triage, act as a first responder and escalate issues. Logs are reviewed and audited by internal and external parties. Alerts are configured based on risk and, when necessary, are transmitted to the Information Security Team.
Data protection measures include encryption, passkey-protected access control, hardware security modules (HSMs), tokenization methods, certificates and more. For data at rest, we employ strong encryption and length standards, and for data in motion, internally and externally, we use SSL and TLS certificates from trusted providers. Rapyd follows NIST policies and guidelines for its operations, and manages, stores, and handles personally identifiable information (PII) in compliance with GDPR and other privacy laws, as well as anti-money-laundering laws and regulations.
Rapyd has a Level 1 PCI DSS certification from a leading global QSA and a SOC 2 Type II report by a global top-5 firm.
Rapyd has detailed incident response plans and procedures that cover system monitoring and alerts, internal reporting, incident classification, escalation and mitigation.
Incident procedures define the mechanism for internal and external reporting, in full compliance with applicable laws and regulations.
Rapyd also manages a business continuity plan and robust data recovery capabilities. Both the incident response plan and business continuity plan are tested annually based on assessment of current events and risks.