Regpack Security, Compliance, and Data Protection FAQ
Business Location and Hours
Regpack Headquarters is located in San Diego, California. Office hours are Monday to Friday, 9 a.m. to 6 p.m. Pacific Standard Time.
Information Security Responsibilities and PCI Compliance
Regpack is PCI-2 compliant and undergoes daily scans and independent audits to confirm compliance. Payment data is stored on PCI-1 compliant servers with security measures including:
- Encrypted APIs
- Restricted IP access
- Rotating credentials
- Custom protection algorithms
Client violations of PCI regulations (e.g., collecting payment data outside authorized forms or sharing login credentials) will result in immediate account suspension and data purging.
Admin and Data Access
Admins manage their system’s back end (Users, Payments, Settings, etc.). Regpack staff may access back-end data only when needed for support, and all staff have signed NDAs to protect client data.
User Account Management
Users manage their own accounts. Admins can disable accounts. Regpack provides software and guidance; user management is the responsibility of the client.
Technology Stack and Web Application Firewall (WAF)
Regpack employs a best-in-class WAF to filter database attacks at the transmission level and limits data per IP/request to prevent mass extraction.
Data Encryption and Transmission
Sensitive data is encrypted with unique keys per user. Only authorized algorithm components (project, user, server, time of encryption) allow decryption.
Physical Data Center Security
Regpack servers are behind a physical firewall managed by a dedicated security team. Access is denied unless specifically approved.
Intrusion Detection & Authentication
- IPS/IDS: Yes
- Failed Logins: Admins are notified after the 2nd failed attempt
- Two-Factor Authentication: Required for all admin accounts
Code Security and Audits
- Regular internal code audits
- All code written by internal team
- No release to production unless it passes security review
- PCI Level 2 compliant since 2010
- Weekly PCI scans, monthly external scans
- OWASP Top 10 compliance
CHD & PII Security and Breach Notification
- Internal team reviews all code
- Clients will be informed of any breach within 72 hours
Backup and Recovery
- Hourly delta backups
- Daily full data backups
- Weekly full system backups
- Data recovery within 24–48 hours by Regpack InfoSec team
- All backups are encrypted and securely stored
Security Team and Management Commitment
Yes, Regpack has a dedicated security team, and management prioritizes information security.
Staying Current with Security Best Practices
Regpack undergoes third-party audits to ensure up-to-date compliance and security integrity.
Data Protection Responsibilities
- Regpack uses Rackspace Managed Security for hourly scans and weekly penetration testing
- Servers are reviewed daily for integrity
Data Location and Infrastructure
- Regpack uses a split database mechanism to encrypt and mask data
- Data is stored securely, and hosted infrastructure is physically managed by Regpack
Data Ownership and Jurisdiction
- Clients retain full ownership of their data
- Governed under the State of California
Contract Termination and Data Deletion
- Cancellations require 30-day written notice to payments@regpacks.com
- On cancellation, all data is purged immediately unless required by law to retain
- Suspended accounts are retained for 6 months before requiring renewal or cancellation
For questions about any of these policies or further details, contact support@regpacks.com.