Skip to main content

Regpack Security FAQ

  • Updated

  1. Regpack Security, Compliance, and Data Protection FAQ

    Business Location and Hours

    Regpack Headquarters is located in San Diego, California. Office hours are Monday to Friday, 9 a.m. to 6 p.m. Pacific Standard Time.

    Information Security Responsibilities and PCI Compliance

    Regpack is PCI-2 compliant and undergoes daily scans and independent audits to confirm compliance. Payment data is stored on PCI-1 compliant servers with security measures including:

    • Encrypted APIs

    • Restricted IP access

    • Rotating credentials

    • Custom protection algorithms

    Client violations of PCI regulations (e.g., collecting payment data outside authorized forms or sharing login credentials) will result in immediate account suspension and data purging.

    Admin and Data Access

    Admins manage their system’s back end (Users, Payments, Settings, etc.). Regpack staff may access back-end data only when needed for support, and all staff have signed NDAs to protect client data.

    User Account Management

    Users manage their own accounts. Admins can disable accounts. Regpack provides software and guidance; user management is the responsibility of the client.

    Technology Stack and Web Application Firewall (WAF)

    Regpack employs a best-in-class WAF to filter database attacks at the transmission level and limits data per IP/request to prevent mass extraction.

    Data Encryption and Transmission

    Sensitive data is encrypted with unique keys per user. Only authorized algorithm components (project, user, server, time of encryption) allow decryption.

    Physical Data Center Security

    Regpack servers are behind a physical firewall managed by a dedicated security team. Access is denied unless specifically approved.

    Intrusion Detection & Authentication

    • IPS/IDS: Yes

    • Failed Logins: Admins are notified after the 2nd failed attempt

    • Two-Factor Authentication: Required for all admin accounts

    Code Security and Audits

    • Regular internal code audits

    • All code written by internal team

    • No release to production unless it passes security review

    • PCI Level 2 compliant since 2010

    • Weekly PCI scans, monthly external scans

    • OWASP Top 10 compliance

    CHD & PII Security and Breach Notification

    • Internal team reviews all code

    • Clients will be informed of any breach within 72 hours

    Backup and Recovery

    • Hourly delta backups

    • Daily full data backups

    • Weekly full system backups

    • Data recovery within 24–48 hours by Regpack InfoSec team

    • All backups are encrypted and securely stored

    Security Team and Management Commitment

    Yes, Regpack has a dedicated security team, and management prioritizes information security.

    Staying Current with Security Best Practices

    Regpack undergoes third-party audits to ensure up-to-date compliance and security integrity.

    Data Protection Responsibilities

    • Regpack uses Rackspace Managed Security for hourly scans and weekly penetration testing

    • Servers are reviewed daily for integrity

    Data Location and Infrastructure

    • Regpack uses a split database mechanism to encrypt and mask data

    • Data is stored securely, and hosted infrastructure is physically managed by Regpack

    Data Ownership and Jurisdiction

    Contract Termination and Data Deletion

    • Cancellations require 30-day written notice to payments@regpacks.com

    • On cancellation, all data is purged immediately unless required by law to retain

    • Suspended accounts are retained for 6 months before requiring renewal or cancellation

    For questions about any of these policies or further details, contact support@regpacks.com.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles