Security is not something we take lightly. We operate in a secured environment with enterprise-class security features to ensure that customer and business data is always protected.
Our customers rest easy knowing their information is safe, their interactions are secure, and their businesses are protected.
Data center & network security
1.1 Physical State
Facilities: Pivolt servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Data center facilities are powered by redundant power, each with UPS and backup generators.
On-site Security: Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
Monitoring: All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by Pivolt staff. Physical security, power, and internet connectivity beyond co-location cage doors are monitored by the facilities providers.
Location: Pivolt leverages data centers in the United States and Europe. Customers can choose to locate their Service Data in the US only or in Europe only.
1.2 Network security
Transmission Security: All communications with Pivolt servers are encrypted using industry-standard HTTPS over public networks. This ensures that all traffic between you and Pivolt is secure during transit. Our network is protected by firewalls and best-in-class router technology.
Logical Access: Access to the Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our staff.
Encryption in Transit: Communications between you and Pivolt servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
1.3 Availability & continuity
Redundancy: Pivolt’s data center facilities employ network redundancies to eliminate single points of failure. The strict backup regime ensures Service Data is actively replicated across primary and secondary systems and facilities.
Disaster Recovery: Our Disaster Recovery program ensures that our services remain available or are easily recoverable in the case of a disaster.
ASP.NET MVC Framework Security Controls
Pivolt utilizes ASP.NET MVC framework security controls to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
Separate Environments: Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development or test environments.
Single sign-on (SSO): Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for your Pivolt instance.
Configurable Password Policy: Pivolt provides several password rules that can be configured by the system administrator to strengthen password security and prevent unwanted access.
Secure Credential Storage: Pivolt follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.
Access Privileges & Roles: Access to data within Pivolt is governed by access rights, and can be configured to define granular access privileges.