Security and Compliance

Erika

CUR8 doesn't complete individual security audit forms.

We can refer you to our Terms of Service and Privacy Agreement. 

CUR8 does not store, process, or transmit credit card data and is PCI Compliant (SAQ-A attached). CUR8 uses carrier-grade data centers and processors (AWS, Stripe, Bill) that meet the following certifications:

  • PCI-DSS Level 1 Service Provider
  • SOC 1 Type II and SOC 2 Type II
  • ISO 27001

Security

  • CUR8 is scanned quarterly by an Approved Scanning Vendor (securitymetrics.com).
  • CUR8 utilizes credit card tokenization to minimize risk related to cardholder data.
  • We do not sell our customers' personal information to third parties.

Development

  • CUR8 software engineers receive software security training that covers security best practices.
  • CUR8 uses static code analysis tools to analyze code for security vulnerabilities.
  • Code goes through a software and security code review before being shipped to production.
  • Code is run through a continuous integration test suite.
  • Code undergoes manual QA testing.

Encryption

  • All web traffic is encrypted by TLS 1.2 or greater.
  • CUR8 follows recommendations for hashing and for symmetric and asymmetric encryption.

If you are unable to proceed with using our service for any reason, please note that it is possible to use just the streaming side of CUR8 and a third-party system or manual process for monetization.