Our Approach to Security

As a connection layer between merchants and channels, highly sensitive data is moving through the Violet system at all times. We know that both channels and merchants are trusting us to keep this data secure in transit and at rest. To maintain this trust we implement the latest technologies and follow industry standards throughout the lifecycle of our services.


Security Practices

We continuously strive to follow and implement the latest security technologies and practices. The following are a few of the technologies and practices we utilize today.

  • Encryption of sensitive data at rest using AES/CTR/NoPadding and KMS.
  • Bcrypt/Blowfish hashing of sensitive data like passwords.
  • Ongoing vulnerability scans powered by Snyk.
  • Regular penetration tests performed by HackerOne.
  • Ongoing access reviews.
  • Complete backups of all data.
  • Logging and monitoring.

Security Standards

Violet complies with and/or has been audited for the following security standards.

  • GDPR
  • CCPA
  • PCI-DSS (Service Provider Level 2)
  • SOC2 Type 2