At bookingkit, your security is our first priority. This is why we uphold the highest technology and security standards, to keep both your data, and the data of your customers, safe at all times.
Location
All user data is stored and managed by AWS (Amazon Web Services) in Frankfurt a. Main, Germany. AWS data centers follow the highest standards in data security.
Uptime
Our systems had an uptime of over 99.9999% over the last 2 years. We ensure a high uptime by using industry-leading technology and robust Quality Assurance practices.
Backup
During its lifetime, bookingkit has never had a major incident that made backups necessary. Nonetheless, we believe in following industry best practices for backups.
Full backups of all data are performed at least every 60 minutes. Our Recovery Point Objective (RPO) is 1 hour. After a major incident, our Recovery Time Objective (RTO) is 24 hours.
All software users have to authenticate through a standard email and password authentication system. To ensure password strength we deploy an automated algorithm that measures length, complexity, and unpredictability, and does not allow weak passwords to be used.
For an extra level of security, companies can use their own single sign-on (SSO) systems and thus ensure full compliance with existing corporate guidelines.
All data from and to our systems is encrypted using SSL, thus ensuring data integrity during transport for all users, be it end users who buy a ticket or users that manage their companies via our software.
Our systems follow industry-wide data privacy best practices. Not only is all end-user data stored exclusively on German servers in Frankfurt a. Main, on AWS, but our systems are also generally designed to demand and store the least amount of private data possible. All details regarding our privacy practices can be found in our privacy policy.
All our payment practices follow the guidelines laid out by PCI DSS. As bookingkit, we do not store any payment information ourselves, but rather rely on our world-class payment processing partners. All three partners we work with (Mangopay, Stripe and PayPal) are PCI DSS Level 1 certified, the highest certification that PCI DSS allows for.
Pen testing
Every single release of our software is tested using automated penetration tests. This allows us to safely release new versions of our software multiple times a week, which in turn guarantees you a constantly up-to-date system.
Incident management
Should we discover a security breach, we take the following steps: