Security

Last Updated: 11 November 2024

Your trust matters to us. This page explains how we protect your data and what we do to keep Perkstar secure.

Our Approach

We take a practical, layered approach to security. We use trusted infrastructure providers, follow data protection best practices, and continuously work to improve as we grow.

Infrastructure

Hosting

Perkstar is hosted on Amazon Web Services (AWS), one of the world's leading cloud platforms. AWS provides:

  • Physical security at data centres

  • Network protection and firewalls

  • Regular security certifications (ISO 27001, SOC 2, and others)

  • Redundancy and high availability

By building on AWS, we benefit from enterprise-grade infrastructure security without building it from scratch.

Data Encryption

In transit: All data sent between your browser and our servers is encrypted using TLS (Transport Layer Security).

At rest: Data stored on our servers is encrypted using industry-standard algorithms.

Payment Security

We do not store your payment card details. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment provider — the highest level of payment security certification.

Stripe manages:

  • Subscription billing

  • Invoicing

  • Payment retries

  • Card data storage

Your payment information never touches our servers.

Access Controls

Your Account

You are responsible for keeping your login credentials secure. We recommend using a strong, unique password.

Multi-factor authentication (MFA): Not yet available in the Perkstar dashboard, but it's on our roadmap. We'll notify customers when it's released.

Team Roles

Perkstar includes basic role-based access:

  • Owner — Full access to all settings and data

  • Manager — Can manage loyalty cards and view reports

  • Staff — Limited access for day-to-day operations

This helps you control who on your team can access what.

Monitoring

We use automated monitoring to keep the platform running smoothly:

  • Uptime monitoring — We track availability and receive alerts if something goes down

  • Error tracking — Application errors are logged and flagged for review

  • Resource monitoring — Server performance is tracked to prevent issues

When critical issues are detected, our team is alerted and responds promptly.

Data Protection

We follow data protection best practices and comply with:

  • UK GDPR and EU GDPR — For users in the UK and Europe

  • CCPA — For users in California

See our Privacy Policy and Data Processing Agreement for full details on how we handle personal data.

Security Practices

What We Do

  • Encrypt data in transit and at rest

  • Use secure, trusted infrastructure (AWS)

  • Restrict access based on roles

  • Monitor systems for errors and downtime

  • Review security practices internally on a regular basis

  • Keep dependencies and systems updated

What We're Working On

We're a growing company and continually improving our security. Planned improvements include:

  • Multi-factor authentication for user accounts

  • More granular permission controls

  • Formal third-party security assessments

Incident Response

If a security incident occurs, we will:

  1. Identify and contain the issue as quickly as possible

  2. Investigate the cause and scope

  3. Notify affected users promptly (and within 72 hours as required by GDPR)

  4. Take steps to prevent recurrence

  5. Report to relevant authorities if required by law

How You Can Help

Security is a shared responsibility. Here's how you can protect your account:

  • Use a strong password — Don't reuse passwords from other sites

  • Don't share credentials — Each team member should have their own login

  • Review team access — Remove users who no longer need access

  • Watch for phishing — We'll never ask for your password by email

  • Report suspicious activity — Let us know if something seems wrong

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly. We appreciate researchers who help us improve.

Email: security@perkstar.co.uk

Please include:

  • Description of the vulnerability

  • Steps to reproduce

  • Any supporting evidence (screenshots, logs)

Our commitment:

  • We will acknowledge your report within 5 business days

  • We will investigate and keep you informed of progress

  • We will not take legal action against good-faith security researchers

  • We will credit you (if you wish) when the issue is resolved

Please do not publicly disclose vulnerabilities until we've had a chance to address them.

Questions?

If you have questions about our security practices, contact us:

Email: security@perkstar.co.uk

Address: Perkstar Ltd, 86-90 Paul Street, 3rd Floor, London EC2A 4NE, United Kingdom

Summary

Area | What We Do
Hosting | AWS (enterprise-grade infrastructure)
Encryption | TLS in transit, encrypted at rest
Payments | Stripe (PCI DSS Level 1 certified)
Access control | Role-based (Owner, Manager, Staff)
MFA | Coming soon
Monitoring | Automated uptime, error, and resource monitoring
Compliance | UK GDPR, EU GDPR, CCPA

Your security is important to us. We're committed to protecting your data and being transparent about how we do it.