Security

SECTION 1

Program Approach

Giftpack maintains administrative, technical, and organizational measures designed to support confidentiality, integrity, availability, privacy, and responsible service delivery. Giftpack’s security program is designed to evolve as Giftpack’s platform, products, suppliers, and customer requirements evolve.

SECTION 2

Infrastructure and Hosting

Giftpack uses Google Cloud Platform for hosting and related infrastructure services. Giftpack uses GCP infrastructure in Tokyo for disaster recovery purposes. Production and related environments are managed with security, resilience, and operational continuity considerations in mind.

SECTION 3

Encryption

Giftpack uses industry-standard encryption protocols to protect data in transit and at rest. Encryption measures are designed to support confidentiality and integrity of data processed through the platform.

SECTION 4

Access Control and Authentication

Access to systems and customer data is limited to authorized personnel with a legitimate business need. Giftpack applies role-based access principles and least-privilege practices where appropriate. Giftpack supports authentication and access controls intended to reduce unauthorized access risk, including multi-factor authentication for internal systems where appropriate. Single sign-on and related identity controls may be supported depending on service configuration and plan.

SECTION 5

Secure Development and Change Management

Giftpack maintains development and change-management practices designed to support secure software delivery. Code changes and infrastructure updates are intended to be reviewed, tested, and deployed through controlled workflows appropriate to the service environment.

SECTION 6

Monitoring, Logging, and Vulnerability Management

Giftpack maintains monitoring and logging practices designed to support detection, investigation, and response to potential security events and operational anomalies. Giftpack performs vulnerability scanning and periodic security testing, including penetration testing, and reviews identified issues for remediation based on risk, severity, and operational context.

SECTION 7

Incident Response

Giftpack maintains incident response processes designed to support identification, escalation, containment, investigation, remediation, and communication of security incidents as appropriate. Relevant customers may be notified in accordance with contractual and legal obligations, including Giftpack’s Data Processing Addendum where applicable.

SECTION 8

Personnel and Internal Security

Giftpack’s security program is supported by internal policies, confidentiality obligations, and security awareness practices intended to reinforce responsible handling of systems and data.

SECTION 9

Privacy and Data Protection

Giftpack’s security and privacy practices are intended to support responsible handling of personal data and confidential information. For more information, review Giftpack’s Privacy Policy and Data Processing Addendum.

SECTION 10

Compliance and Assurance

Giftpack maintains a SOC 2 Type II report covering relevant security controls. Giftpack’s privacy and security program is designed with reference to recognized frameworks and regulatory requirements, including GDPR, CCPA, and controls aligned with ISO 27001 principles where appropriate.

SECTION 11

Vendor and Subprocessor Management

Giftpack evaluates and manages third-party service providers with security and privacy considerations in mind. Access to data is intended to be limited to what is necessary for service delivery, and contractual protections are used where appropriate.

SECTION 12

Security Review Requests

Customers who require additional security review, questionnaires, assessment support, SOC 2 materials, or supporting procurement documentation may submit a request through Giftpack’s security or procurement review channel. Giftpack may provide additional documentation subject to confidentiality requirements, customer eligibility, and internal review.