Security

Shuttle's products are built with enterprise-grade security standards while maintaining simple implementation for merchants. Our security infrastructure includes robust authentication, comprehensive access controls, and detailed audit logs to help your business meet compliance requirements without unnecessary complexity.

Our Security Certifications

At Shuttle, we maintain PCI DSS Level 1, SOC2 Type 2, and ISO 27001 certifications.

PCI DSS Level 1 Certification

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect payment card information during and after transactions. This global standard helps prevent fraud and data breaches when handling cardholder data.

Our Level 1 Certification Means:

Highest Security Tier: Level 1 is the most rigorous PCI DSS certification level, required for service providers processing over 300,000 card transactions annually.
Regular Independent Audits: Our systems undergo comprehensive annual audits by a Qualified Security Assessor (QSA).
Advanced Data Protection: Your customers' payment information is protected by multiple security layers including encryption, firewalls, and intrusion detection.
Continuous Compliance: We maintain ongoing vigilance and regularly update our security measures.

Benefits for Your Business:

Enhanced Customer Trust: Demonstrate to your customers that their payment information is handled securely.
Reduced Fraud Risk: Our adherence to stringent standards significantly lowers the risk of data breaches.
Simplified Compliance: Using our PCI DSS Level 1 certified payment system helps you meet your own compliance obligations.

SOC2 Type 2 Certification

What is SOC2?

Service Organization Control 2 (SOC2) is a framework developed by the American Institute of CPAs (AICPA) specifically for service providers that store customer data in the cloud. It ensures the implementation of strict information security policies and procedures.

Our Type 2 Certification Includes:

Long-term Effectiveness Evaluation: Unlike Type 1 certification, Type 2 examines our security controls over a minimum six-month period.
Five Trust Principles: Our certification confirms compliance with security, availability, processing integrity, confidentiality, and privacy standards.
Independent Verification: Our systems and processes have been thoroughly reviewed by an independent CPA firm.

Benefits for Your Business:

Verified Security Practices: Know that your payment processing is backed by verified security practices.
Data Protection Assurance: Confidence that customer payment data is handled according to industry standards.
Risk Management: Our proactive security approach helps protect your business reputation.

ISO 27001 Certification

What is ISO 27001?

ISO 27001 is an internationally recognized standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive business information and ensuring it remains secure.

Our Certification Demonstrates:

Comprehensive Security Framework: We've implemented a robust system for establishing, operating, and improving information security.
Systematic Risk Management: We identify, assess, and address information security risks systematically.
Continuous Improvement: Our security processes are regularly evaluated and enhanced.
Independent Verification: Regular external audits confirm our compliance with the standard.

Benefits for Your Business:

Enhanced Data Protection: Customer payment information is managed according to global security best practices.
Trust and Credibility: Demonstrate to your customers that you use payment systems that meet international security standards.
Compliance Support: Working with an ISO 27001 certified payment provider can simplify your compliance efforts.

Regular Penetration Testing

What is Penetration Testing?

Penetration testing (pen testing) involves simulated cyber attacks against our systems to identify and address potential vulnerabilities before they can be exploited.

Our Approach:

Certification Maintenance: Regular external testing is crucial to maintaining our security certifications.
Proactive Vulnerability Management: We identify and address potential security weaknesses before they can be exploited.
Security Evolution: Our testing program ensures we stay ahead of emerging threats.

Benefits for Your Business:

Reduced Breach Risk: Proactive testing minimizes the risk of successful attacks that could compromise customer data.
Enhanced Security Confidence: Your customers can have greater trust in your payment processing.
Industry Best Practices: Your business benefits from payment systems that align with cybersecurity best practices.

Our Security Commitment

Our comprehensive approach to security, backed by PCI DSS Level 1, SOC2 Type 2, and ISO 27001 certifications, demonstrates our dedication to protecting your business and customer information. These certifications are not just credentials; they represent our ongoing commitment to maintaining the security, confidentiality, and availability of your payment data.

Data Storage and Privacy

European Data Storage

All merchant and customer payment data processed through our system is securely stored within Europe, ensuring compliance with strict data protection regulations and supporting data sovereignty requirements.

GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European Union data protection law designed to give individuals control over their personal data and to standardize data protection across Europe.

Our GDPR Compliance Includes:

Strict Data Protection: We adhere to GDPR's high standards for data privacy, security, and lawful processing.
Transparency: We maintain clear policies about how we handle payment and personal data.
Data Subject Rights: We respect all GDPR rights, including access, rectification, erasure, and data portability.

Benefits for Your Business:

Enhanced Customer Trust: Demonstrate to customers that their payment data is protected under one of the world's strictest privacy regulations.
Simplified Compliance: Our GDPR-compliant system helps you meet your own obligations, especially when serving European customers.
Reduced Regulatory Risk: Using a GDPR-compliant payment solution helps reduce your exposure to potential penalties.

Data Protection Registration

Shuttle is registered with the Information Commissioner's Office (ICO), the UK's independent authority for data privacy enforcement.

ICO Registration Number: ZB059255

View our ICO registration

What This Means:

Legal Compliance: We adhere to UK data protection regulations in our payment processing operations.
Accountability: We are committed to transparent and responsible handling of payment and personal data.
Continuous Compliance: We regularly review and update our data protection practices.

Benefits for Your Business:

Regulatory Confidence: Know that your payment processor complies with UK data protection law.
Customer Reassurance: Demonstrate to your customers that their payment data is handled responsibly.
Compliance Support: Partnering with a registered payment processor helps support your own data protection compliance.

Security Documentation

The following security documentation is available for merchants:

ICO Data Protection Registration Certificate
ISO27001 Certificate of Registration
ISO27001 Statement of Applicability
PCI DSS Attestation of Compliance
PCI DSS Shared Responsibility Matrix
SOC2 Type 2 Report - available under NDA to merchants on qualifying plans