Raincheck uses industry standards to meet compliance requirements, taking into account general security and privacy frameworks, to help our clients and partners meet their own compliance standards.
Raincheck hosts its application primarily in Leaseweb data centers that have been certified as ISO 27001, PCI/DSS, SOC 1 Type II, HIPAA, and/or NEN 7510 compliant.
All data sent to or from Raincheck is encrypted in transit using 256-bit encryption.
Our API and application endpoints are TLS/SSL only. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.
On an application level, we produce audit logs for all activities. All actions taken on production consoles or in the Raincheck application are logged.
Raincheck has architected a multi-layer approach to DDoS mitigation via Leaseweb DDoS IP Protection.
Raincheck uses an Nginx reverse proxy for all incoming connections, which provides an outstanding level of security and reliability.
Access to customer data is limited to authorized employees who require it for their job. Raincheck is served 100% over HTTPS. Raincheck runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Raincheck’s network.
OmniSpce leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF), among others.
We enable permission levels within the application to be set for the various user groups. Fine-grained permission and access management gives you a full range of options to fine-tune permissions and rights in line with your company’s security directives.
Raincheck enforces a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt).
Our Quality Assurance (QA) department reviews and tests our codebase. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Testing and staging environments are logically separated from the production environment. No Service Data is used in our development or test environments.
All employee contracts include a confidentiality agreement.