Security & Data Protection

Your security and privacy are our top priorities. Learn about our comprehensive security measures and data protection practices.

Enterprise-Level Security

Pintio implements bank-grade security measures to protect your business data, customer information, and financial transactions. Our security framework exceeds industry standards and is continuously monitored and updated.

Payment Security & PCI DSS Compliance

Stripe Payment Processing

All payments are processed through Stripe, a PCI DSS Level 1 compliant payment processor trusted by millions of businesses worldwide.

  • PCI DSS Level 1 Service Provider
  • SOC 1 Type 2 and SOC 2 Type 2 certified
  • 3D Secure authentication support
  • Advanced fraud detection

No Card Data Storage

Pintio never stores, processes, or has access to your credit card information. All payment data is handled directly by Stripe.

  • Zero card data storage on our servers
  • Tokenized payment processing
  • Reduced PCI compliance scope
  • Enhanced security for your customers

PCI DSS Compliance Statement

Pintio maintains PCI DSS compliance through our partnership with Stripe. We follow the Payment Card Industry Data Security Standard requirements for handling cardholder data, including secure network architecture, data protection measures, vulnerability management, access controls, network monitoring, and information security policies.

Data Protection & Privacy

Encryption

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Database-level encryption
  • Encrypted backups

Access Controls

  • Multi-factor authentication
  • Role-based permissions
  • Row-level security
  • Session management

Infrastructure

  • Cloud-native architecture
  • Automated security updates
  • Network segmentation
  • DDoS protection

Authentication & Access Security

Multi-Layer Authentication

User Authentication

  • Google OAuth integration
  • JSON Web Token (JWT) sessions
  • Secure password requirements
  • Account lockout protection

API Security

  • API key authentication
  • Rate limiting and throttling
  • Request signing and validation
  • IP whitelisting options

Data Handling & Storage

Data Minimization

We only collect and store data that is necessary for providing our services.

  • Business information for account setup
  • Usage analytics for service improvement
  • Customer data for your business operations
  • No unnecessary personal information collection

Data Retention & Deletion

Clear policies govern how long we retain your data and how we securely delete it.

  • Active account data retained per your plan
  • 30-day grace period after cancellation
  • Secure data deletion procedures
  • Data export options before deletion

Backup & Recovery

Robust backup systems ensure your data is protected and recoverable.

  • Automated daily backups
  • Encrypted backup storage
  • Geographic redundancy
  • Point-in-time recovery options

Security Monitoring & Incident Response

24/7 Monitoring

  • Real-time security monitoring
  • Automated threat detection
  • Intrusion detection systems
  • Log analysis and alerting
  • Security incident tracking

Incident Response

  • Defined incident response procedures
  • Rapid containment protocols
  • Customer notification procedures
  • Post-incident analysis and improvements
  • Regulatory compliance reporting

Security Audits & Certifications

Regular Security Assessments

Internal Audits

  • Quarterly security reviews
  • Code security analysis
  • Infrastructure assessments
  • Access control audits

External Assessments

  • Third-party security audits
  • Penetration testing
  • Vulnerability assessments
  • Compliance certifications

Your Role in Security

Security Best Practices for Users

  • Use strong, unique passwords for your Pintio account
  • Enable two-factor authentication when available
  • Keep your browser and devices updated
  • Log out from shared or public computers
  • Report suspicious activity immediately
  • Regularly review your account activity
  • Be cautious with phishing attempts

Data Privacy Rights

You have full control over your data with Pintio:

  • Access: View all data we hold about you
  • Correction: Update incorrect or incomplete information
  • Deletion: Request removal of your data
  • Portability: Export your data in standard formats
  • Restriction: Limit how we process your data

For detailed information about data privacy, please review our Privacy Policy.

Security Incident Reporting

Report Security Concerns

If you discover a security vulnerability or have concerns about the security of our platform, please contact us immediately:

  • Security Email: security@pintio.jp
  • Priority Response: Security issues are handled with the highest priority
  • Response Time: Initial response within 4 hours during business hours

Compliance & Standards

Payment Standards

  • ✓ PCI DSS Level 1 (via Stripe)
  • ✓ SOC 1 & SOC 2 Type 2
  • ✓ 3D Secure authentication

Data Protection

  • ✓ Australian Privacy Act compliance
  • ✓ GDPR-ready data handling
  • ✓ Industry security standards

Contact Information

Security Team

General Security Inquiries: security@pintio.jp

Data Privacy Requests: privacy@pintio.jp

General Support: support@pintio.jp

Business Hours: Weekdays 10:00-17:00 JST

For urgent security matters outside business hours, please mark your email as "URGENT SECURITY" for priority handling.

This security information was last updated on December 24, 2024. We regularly review and update our security practices to maintain the highest standards of protection for our users.