Security & Responsible Disclosure

From You to Your Customers.

We take your security and data processing needs very seriously.

Data travels safely to and from your site, which is protected by the CloudFlare Web Application Firewall and hosted on servers that are professionally managed, updated, and monitored live 24/7 by our devops team. Regular PCI and security scans ensure both your customers and your business stay secure.

We serve all internet traffic encrypted via HTTPS. We follow modern best security practices and test regularly for the OWASP Top 10.

We never store credit card information. Instead, we use payment processing gateways that allow for 'tokenized' access to customer payment information, so there is no payment information in our databases for anyone to attempt to steal, reducing the risk of a security incident. All payment information is collected and processed either through a hosted form provided by the payment gateway or by redirecting the customer to the payment gateway to enter their payment information.

All passwords are salted and one-way encrypted (this means you can't see what a customer's password is).

 

Online Payment Integrations

All of the payment gateway integrations that Kiva Logic provides qualify your business for PCI SAQ A. This means that no payment information is ever handled or processed by Kiva Logic or your business, and instead is processed directly by the payment gateway of your choosing.

Stay Open.

Our high availability setup with automatic failover keeps you open for business. Regular, secure backups mean you’ll always have access to important data on your customers and your bottom line as your traffic increases. We offer a 99.98% SLA, and you can view our uptime history here.

Help is Here.

When you have questions, we have answers. Visit our documentation or contact us with your questions. Suggestions and feedback are always welcome!

What should I tell my customers?

We know that you may have customers that would like to know about your website security and may have questions about payment processing. Try this out for size, and if you need more information or have questions, we're only an email away (replace Stripe.com with your gateway, and YOURCOMPANY with... well, your company name!):

"YOURCOMPANY uses Stripe.com hosted forms for all payment data collection. Stripe.com is certified Level 1 PCI DSS compliant (https://stripe.com/docs/security/stripe). Your payment data never touches our website and instead is handled directly by Stripe.com through hosted payment information forms that return only a token to be stored with your Bodhi account. This qualifies YOURCOMPANY for maintaining our PCI requirements using the PCI SAQ A level.

Your account information is protected using one-way encryption with a unique salt to store a hash of your password; we do not store or log your password. Admin users must use strong passwords and receive notifications on every admin login.

We use a Web Application Firewall set to the highest levels of protection provided by CloudFlare, undergo regular security scans by Tinfoil Security, have a dedicated devops team that keeps our server software up-to-date while monitoring our infrastructure 24/7, and we follow modern best practices for web development security as dictated by OWASP (The Open Web Application Security Project)."


Responsible Disclosure. Just in Case.

If you have found a security flaw or bug in our software, we are more than happy to receive an email from you. Please use responsible disclosure and contact us at [email protected].

Safeguarding your business and your customers is our top priority. If you have a security concern, please email [email protected].

Please do not publicly disclose any suspected vulnerability before allowing us to research and resolve any issues. When reporting a potential problem, please consider the following information:

  • What steps should be taken to reproduce the issue you encountered?

  • Is a screenshot of the problem possible?

Public Key for [email protected]




