Security

Dryfta event platform is powered by fast and reliable services from Google Cloud Platform and Amazon Web Services. This duo provides us with the reliability and high availability that helps us win our customers’ trust and keep their data safe and secure.

Keeping our platform safe and secure is our top priority at all times. At Dryfta, we employ multi-layer security measures across our platform to ensure the integrity of our customers’ data and to protect our system against threats.

Hosting Environment

Dryfta platform is hosted on AWS servers.
AWS cloud platform is audited and meets all requirements for ISO 27018
AWS cloud platform is audited and meets all requirements for ISO 27017
Application level and Server level Firewalls to prevent unauthorized access to the system
Data is backed up 24 times a day on an hourly basis, for all days of the year.

PCI Compliance

Dryfta uses Stripe to process credit card payments. Dryfta does not store credit card information on its servers.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1
All card numbers are encrypted on disk with AES-256
Decryption keys are stored on separate machines
Two PGP keys to encrypt communications with Stripe

Encryption

Dryfta platform and event websites are accessible via a 256-bit SSL certificate issued by Comodo Certificate Authority. Here’s the latest SSL certificate report
All passwords are encrypted. Passwords are never stored in plain text
Dryfta uses HTTPS and HSTS across the platform for secure connections

Platform Security Assessment

All applications are regularly scanned for common security vulnerabilities including the OWASP Top Ten.
If you need PCI attestation of Scan Compliance report, please contact us.
If you need a QSA (Qualified Security Assessor) approved compliance report for SAQ D-SP, please contact us.