Keeping your data secure & ensuring compliance

Rainforest removes the headache of securing your online payments, while reducing your team’s regulatory and compliance burden. We’ve demonstrated our commitment to security by becoming PCI DSS Level 1 certified and hosting our platform on AWS.

We ensure the privacy & safety of your data

Reduced attack surface & immutable infrastructure

Our fully automated, reproducible deployment pipeline creates a containerized environment with no unrequired packages within our production environment. All infrastructure is read-only and implemented using Infrastructure-as-Code.

Code reviews and automated scanning

All changes to our infrastructure and platform deployments must undergo strict code reviews and automated code scanning to identify any defects, vulnerabilities, 3rd party library security issues, and the presence of secrets within our code.

Automated enforcement of secure coding standards

Automated controls are in place to enforce our secure coding standards and change management controls. No one can skip a step. Every line of code must go through a pull request and the required security scanning.

Logical access and identity access management

Rainforest implements multiple layers of logical access control, creating fortress-like layers of protection around our data assets and infrastructure.

Firewalling and service minimization

Our infrastructure employs Web Application Firewalling and security groups and restricts inbound traffic to API calls over HTTPS. No direct user access is permitted to our production environments or databases. Services run in full network isolation.

Rootless administration via infrastructure-as-code

All changes to our platform take place via Infrastructure-As-Code and source code deployments, subject to our strict DevSecOps and change management controls. No direct changes are permitted within our production environments.

Principle of least privilege

Permissions are set at the minimum level required and managed through a central directory using Single Sign-On for provisioning, terminations, and audits.

Two-factor authentication

Rainforest enforces two-factor authentication for all users, across all applications, for access to Rainforest business systems.

End-to-end encryption

Rainforest encrypts your data end to end, from the point of receipt at the user interface until it exits our systems and is processed by our 3rd party payment gateway partners.

Data encryption everywhere

Data is encrypted in transit at all stages of data transmission and processing, including between services within our internal networks. Payment card information is encrypted at rest, at the row level within our production databases.

Payment tokenization

Rainforest implements payment tokenization to further reduce the risk of Primary Account Number (PAN) exposure in plaintext during data processing.

High availability, globally managed — our platform

Rainforest Pay lives on Amazon Web Services (AWS), using globally available services across multiple regions to ensure maximum uptime and high performance — regardless of where your customers are doing business.

DDoS mitigation

Distributed Denial of Service protection is available on all Rainforest services.

Backup and restore

Data is snapshotted and continuously backed up, separate from production datasets.

Best-in-class uptime

Through the use of AWS-based platforms and infrastructure, we can provide status updates on our services and platforms.