PCI compliance.

Is Freewebstore PCI compliant?

Yes. Security is of paramount importance to us and we take PCI compliance very seriously. Freewebstore undergoes annual assessments to validate our compliance. Continuous evaluation and risk assessment ensures that PCI compliance is at the heart of what we do.

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.

Paddle - https://www.paddle.com/legal/checkout-buyer-terms

We never store raw magnetic stripe, card validation code (CAV2, CID, CVC2, CVV2), or PIN block data.

Cardholder data is stored using one of the most advanced encryption methods available. Multiple encryption keys are stored on different physical servers. A data thief would not be able to make use of information stolen from a database without also having the key. The data store where cardholder data is kept cannot be connected to via the internet.

All users have to authenticate each time they use the application and inactive sessions time out after 2 hours. Passwords are never stored directly in the database. In addition, all communication between merchants and us is conducted in a secure fashion using TLS (Transport Layer Security).

At least quarterly, automated vulnerability scans are conducted on our Card Data Environment. In addition, at least once a year we have extended external penetration testing conducted by outside sources.

Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPS.