Interested in the security of your and your customers' data?  

You're smart to be! One of the things that got us fired up about building this app was seeing how other developers in the field were handling the security of customer data, including credit card information. We stay on top of the latest security whitepapers, network practices and software patches to ensure your and your customers' data remains safe. Lee is a regular of Hacker News, /r/webdev, and other more boring (and more technical) sources.

Interested in running your own spot test of Gingr's security? Click the button below to run a live scan of our encryption technology. As of 3/3/2015, we rate an A+ by Qualys SSL Labs - the industry leader in SSL research.

The Details

  • Live back-ups
    • Your database runs on 2 servers simultaneously in a master-slave configuration.
      • Any change to data is immediately replicated to the slave server.
      • Each server runs a RAID 10 configuration of hard drives.
      • This means that your data is stored on no fewer than 8 physical hard drives at any given time.
    • If the master server fails, the slave will take over immediately and become the master. A new slave is automatically created.
  • Hot back-ups
    • Once a day, we take a physical backup of your database and store it in the same data center. 
      • This backup is stored in a RAID 10 configuration of hard drives.
      • This means that your data is stored on no fewer than 4 physical hard drives at any given time.
    • This allows for quick restore in case of a small scale emergency.
  • Cold back-ups
    • Once a day, we take a logical backup of your database and store it in:
      • South Carolina USA
      • Iowa USA
      • Taiwan
      • Belgium
    • These backups are stored with a different service provider than our primary.
    • This allows for long term durability of backups in case of natural disasters, etc.
  • User uploaded file back-ups
    • Once a day, we back up all user uploaded files (vaccination records, e-signatures, report card photos/videos, etc.) to a different service provider than our primary.
  • Saves credit cards for one-click use without storing actual card numbers  (we use tokenization)
    • Tokenization is the process of exchanging a credit card number for a random string of letters and numbers.
    • This process occurs between your device and your merchant processor.
    • Gingr cannot touch, see or feel a real credit card number. Ever.
  • 24/7/365 monitoring of the application, firewall, and database security comes standard (the whole team is notified within seconds if there's an issue)

if you're not bored yet

  • Passwordless servers (2048-bit SHA2 encryption)
    • We use strong cryptography to log into our servers, not password1234!
    • Best guesses say that 2048-bit encryption could possibly require millions of computers over a year and a team of experts to crack.
  • File and database servers are not connected to a public network
    • If someone wanted to gain access to our database, they'd have to get onto our network and then into our servers first.
  • You can back up your data (and uploaded files) yourself, anytime, anywhere
    • Please do this. You'll thank yourself later.
  • All requests utilize 2048-bit encryption using modern cryptography
  • Weekly maintenance schedule
    • We click "Yes" to system updates :)

credit card security

  • Gingr uses the latest technology, including:
    • iFrame tokenization
      • Tokenization allows Gingr to process credit card payments without ever touching a real credit card number. 
      • The user's device communicates directly with CardConnect. CardConnect then provides Gingr with a random "token".
    • Point-to-Point Encryption (P2PE)
      • Gingr does not have access to the decryption key. Even if we wanted to, we can't.
      • All data is encrypted at each point between the cardholder, the bank, and Gingr. 
    • EMV (chip cards)
      • Gingr's EMV support removes all card data entry from your business's computer to a secure terminal.
      • This is the next generation of payment security.