Everything you need to know about how Dremind protects your business’ and customers’ data.
Data security is paramount in any retail business. Keeping your business’ and customers’ information secure enables you to build and maintain trust with shoppers and helps keep your business running smoothly. That’s why Dremind makes it a top priority to protect your and your customers’ data. This page will offer an overview of the various steps we take to keep your business safe from threats.
In addition to complying with the Payment Card Industry Data Security Standard (PCI DSS), Dremind implements strict controls across our platform to abide by the EU's General Data Protection Regulation (GDPR) regarding the processing of personal data of individuals residing in the European Union (EU).
Dremind also engages in various forms of penetration testing. Aside from conducting annual internal and external penetrations of Dremind's office networks, we engage with independent parties to conduct application-level and infrastructure-level penetration tests at least once a year. The results of these tests are documented in our Vulnerability Management Policy and Procedures.
Dremind is hosted by Amazon Web Services (AWS). You can access all AWS compliance and audit reports through the AWS Artifact portal.
INFRASTRUCTURE AND ENDPOINT SECURITY
We’re constantly enforcing measures to keep Dremind's network safe and secure. Such measures include system monitoring, logging, and alerting, as well as Distributed Denial-of-Service (DoS) Protection through AWS Sheild Advanced.
And to protect Dremind from unauthorized access via remote devices, all company-issued devices to our employees are configured, updated, and tracked by Dremind's endpoint management solutions. By default, Dremind workstations are equipped with data encryption, firewalls, and strong passwords.
We also centrally manage access to Dremind's network and applications, and we continuously audit access and privileges so they're in line with Dremind's Access Control Policy.
We want to make sure that everyone who works at Dremind understands how to protect themselves — and Dremind retailers — from threats.
To that end, we conduct employee background checks to verify each candidate's education and employment. Once hired, all Dremind employees are expected to adhere to Dremind's security policies, and the Security team closely monitors compliance.
Dremind also conducts security awareness training for all Dremind employees once a year. The program covers everything from data classification and handling to password hygiene, physical security, and more.
How do we ensure a safe and secure experience when using the Dremind app? For starters, all data transmitted through Dremind are encrypted using the latest recommended secure cipher suites. We protect login confidentiality by hashing passwords using the bcrypt algorithm.
We protect the Dremind app from brute force attacks by implementing rate limiting and a check to see if you’re human. Plus, all secret keys used in Dremind's product and app infrastructure are encrypted in AWS. Any changes made to production apps and infrastructure are strictly controlled, and we closely review any changes before implementing them.
We're always monitoring and testing for dependencies and vulnerabilities. We invite security researchers to put Dremind’s security to the test through Dremind’s private bug bounty program hosted on HackerOne, so we’re always aware of any weaknesses that need to be corrected.
A huge component of data security lies in protecting Dremind from physical threats. This is why all Dremind offices are controlled by badge access, alarm systems, and cameras. Every office also has shredders and secure bins for handling sensitive paper materials.
Dremind's production infrastructure is located in AWS data centers, where physical access is strictly controlled by security staff, video surveillance, intrusion detection systems and more.
When a security incident occurs at Dremind, we immediately initiate our incident response (IR) procedures to identify, contain, and resolve the issue ASAP.
Regarding vendor management, Dremind has an established and documented process for engaging a new vendor or supplier which involves an inventory of the asset, security risk assessment, and a legal review.