Security Policy

We treat security with the utmost importance here at Interseller. Here's what we do to keep all of our data safe.

Encryption.

  • All requests to Interseller, including any interim connections across Interseller's infrastructure, are secured with HTTPS and/or SSL. Any connection or request using an unsecured protocol, like HTTP, is redirected to its secure counterpart or terminated.
  • Interseller uses HSTS, a protocol supported by well-known browsers that tells them our website uses HTTPS, so they enforce HTTPS and ignore HTTP.
  • All data and customer data is encrypted at rest and encrypted in transit.
  • All secret keys and customer keys (e.g. integrations) are encrypted with hardware security modules (HSM) for extra protection.
  • Credit cards are stored and processed securely with Stripe, which is PCI Level 1 compliant.

Infrastructure.

  • All data is hosted and secured in a private environment. All publicly facing endpoints and IP addresses are firewalled.
  • Access to our environment requires two-factor authentication and is allowed only from well-known employee IP addresses. Access attempts are logged securely and audited periodically.
  • We utilize denial of service (DOS) protection services and web application firewalls (WAF) to ensure our services are protected from attacks.

Compliance.

  • Interseller is Privacy Shield certified and complies with the EU General Data Protection Regulation (GDPR).
  • You can request that your data be deleted at any time. Requests are usually processed within 7-10 days of the request.

Third Parties.

  • Interseller utilizes third parties to help us with support and account management services.
  • Data shared with our third parties is limited to name and email address only. Absolutely no email data is ever shared with our partners.
  • Interseller periodically audits its third parties and partners to ensure that our customer data is kept secure.

Internal Policies.

  • We enforce two-factor authentication (2FA) with all sensitive data processors such as Slack, G Suite, Intercom and Stripe.
  • We utilize a password manager to secure online accounts and share them across our team.
  • We go through yearly scheduled security testing including security assessments with our partners.
  • All employees and contractors sign a non-disclosure agreement.

Bounty Program.

We ask security researchers to report any security exploit to hi@interseller.io. Qualifying reports will be answered within 5 days and will be paid via PayPal on patch release. Reward amounts will depend exclusively on the severity of the vulnerability and have an upper limit of $750.00 USD. We do not reward researchers for DOS, automated scripts, mixed-content scripts, social engineering, regular bugs, or not adhering to "best practices". Please include the following information when submitting a report:

  • Technical details of the vulnerability. Please include step-by-step instructions so we can reproduce it on our side. A video is greatly appreciated.
  • Scope and impact of the vulnerability including what type of data an attacker can access.