We certify against standards and frameworks to help merchants comply with their own requirements.
SOC 2 Type II (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a service provider.
The Payment Card Industry's Data Security Standard is an information security standard for the handling of credit card information. PCI Level 1 compliance is the highest standard available and certifies that we handle sensitive data accordingly.
Privacy and personal information protection are central to how we handle data. We comply with updated privacy legislation (including the GDPR and CCPA) as it becomes available.
We’ve adjusted our infrastructure and implemented additional processes to meet the standards set by the GDPR (General Data Protection Regulation).
We’ve incorporated CCPA (California Consumer Privacy Act) standards into our data practices to meet merchant requirements under this legislation.
As our corporate headquarters are situated in Canada, we follow the requirements set by PIPEDA (Personal Information Protection and Electronic Documents Act).
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
At Bold, our production network segments are logically isolated from our development or corporate segments, meaning your data can’t be accessed internally without a documented access request, vetted by our information security team.
Our development processes, cloud hosting services and application architecture are all designed with security as a focus.
Bold’s servers are hosted using Google Cloud Platform (GCP), which is made up of PCI DSS, ISO 27017, ISO 27001, SOC 2, and SOC 3 compliant facilities.
All production infrastructure is monitored and logically administered by Bold’s operations team.
Physical security, power, and internet connectivity are monitored by Google.
Bold offers data centres in the United States and Canada.
In case of a system alert, events are escalated to our on-call incident handling team dedicated to specific response processes, including communication channels and escalation paths.
Our Security team is on-call 24 x 7 x 365 to respond to security incidents. We perform network security scans routinely for quick identification of out-of-compliance or potentially vulnerable systems.
Bold maintains a publicly available status page which includes system availability details and information on scheduled maintenance.
Bold utilizes the latest in biological scaling algorithms and heuristics to determine optimal performance and network redundancies to eliminate single points of failure.
Our Disaster Recovery program ensures that services remain available or are recoverable in the case of a disaster.
Every quarter our team participates in security training. Our security group reviews security controls every six months.