CLOUD INFRASTRUCTURE
Shopflo is hosted on a Virtual Private Cloud on Amazon Web Services which provides a secure and scalable technology platform to ensure we can provide you services securely and reliably.
PERIMETER SECURITY
We have deployed Defence in Depth Architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network.
Our infrastructure is launched in compliance with the AWS Well-Architected Framework and, from the security perspective, incorporates practices from the AWS Cloud Adoption Framework.
We have a 3-Tier Architecture that incorporates best practices from various standards and certifications.
We have strict network segmentation and isolation of environments and services in place.
HOST SECURITY
We use industry-leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.
All our servers are launched using the Center for Internet Security Benchmarks for Amazon Linux.
DATA SECURITY
We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis.
We use key management services to restrict access to data to the data team.
Stored data is protected by encryption at rest and sensitive data by application-level encryption.
We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.
INCIDENT AND CHANGE MANAGEMENT
We have deployed mature processes around Change Management which enable us to release thoroughly tested features for you both reliably and securely, enabling you to enjoy the Shopflo experience with maximum assurance.
We have a very aggressive stance on Incident Management for both Systems downtime and Security, and have a Network Operations Center and an Information Security Management System in place that quickly react to, remediate or escalate any Incidents arising out of planned or unplanned changes.
VULNERABILITY ASSESSMENT AND PENETRATION TESTING
We have an in-house network security team that uses industry-leading products to conduct manual and automated VA/PT activities.
We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration / continuous deployment pipeline.
BUG BOUNTY PROGRAM
Shopflo values the security researcher community and recognizes the importance of their work in keeping the internet safe. Our Bug Bounty Program is designed to reward researchers for discovering and reporting vulnerabilities in our systems responsibly.
SCOPE
Our bug bounty program covers the following services:
1. Shopflo Applications
2. Shopflo API endpoints
Please note that vulnerabilities in third-party applications or services that integrate with Shopflo are not included in the scope.
OUT OF SCOPE
The following findings are out-of-scope for our bug bounty program:
1. Denial of Service (DoS/DDoS) vulnerabilities
2. Spam or social engineering techniques
3. Vulnerabilities affecting outdated or unpatched browsers/devices
REWARDS
Rewards are based on the severity of the vulnerability, determined using the Common Vulnerability Scoring System (CVSS). The final reward amount is at the discretion of our security team.
SUBMISSION GUIDELINES
To submit a vulnerability, please follow these guidelines:
Provide detailed steps to reproduce the vulnerability, including any necessary code or tools.
Include your assessment of the vulnerability's impact and potential severity.
Send your findings to security@shopflo.com securely, preferably using encrypted email.
REWARDS
The reward can go up to 1000 USD based on the severity of the Bug.
RECOGNITION
In addition to monetary rewards, we acknowledge the valuable contributions of researchers in our Hall of Fame and offer swag for significant findings.
We look forward to working with the security community to enhance the safety and security of our platform. Thank you for helping us keep Shopflo and our users safe.