Data Storage Security

We at NuovoPay take customer Data Security very seriously and have implemented a list of measures and a set of protocols to further safeguard and protect data. The following rules are some high-level mechanisms that have been implemented across the systems:

  • Passwords: All login passwords are hashed using BCrypt (one way hashing) and then stored in the database. For best results we advise users to choose at least 12-14 character password and also use a Password Manager.
  • Login Security: We further protect your login from brute-force attempts with rate limiting.
  • Logging: Passwords and other sensitive tokens are excluded from all system logs.
  • Analytics: Analytics tools have “IP anonymization” in place to protect user’s privacy.
  • Data Centers: NuovoPay leverages multiple cloud services to store and manage its data. The data centers are located in Ireland, Netherlands, Germany and United States, in future new data centers may be added / removed / relocated. But there will always be an EU data center to serve EU customers and their data will always be stored in data centers located in EU.
  • Backups: All backups are encrypted and stored in long term storage. Backups are managed through Lifecycle policies which will automatically purge them after certain age.
  • HTTPS: All the requests are served using HTTPS.

We take special care in sanitising user input to avoid XSS or Cross-site scripting issues, in general as we do not deal with lot of user generated content so the attack surface is relatively small.

Payment or Credit Card Data

Your payment or Credit Card information is not stored in our servers, we leverage 2Checkout to process the payments for our customers. They are a PCI Level 1 certified payment processor and stores the Credit Card data in PCI Compliant servers. Learn more