Security Policy

Last modified: February 1, 2025

At Regystra, we are dedicated to protecting our customers' data by implementing robust security measures across our services and infrastructure. Our Security Policy outlines the key practices we follow to ensure data integrity, user privacy, secure payment processing, and reliable hosting.

Disclaimer: While Regystra implements industry-standard security practices to protect customer data, no system is 100% secure. Customers are responsible for ensuring their own security practices, including managing user access, securing their credentials, and complying with data protection regulations. Regystra is not liable for any unauthorized access, data breaches, security incidents, or financial losses resulting from user actions, third-party services, or circumstances beyond our control.

1. Data Security

We implement comprehensive security measures to protect your data, including:

  • Data Encryption: Sensitive data is encrypted during transmission using strong encryption methods. We also employ data encryption at rest, tokenization, and data masking where necessary.
  • Data Access Controls: Access controls ensure that only authorized individuals can access sensitive data. We regularly review and update these controls to maintain their effectiveness.
    Note: Regystra provides tools for managing user access, but it is solely the responsibility of customers to enforce appropriate access controls. Regystra is not responsible for unauthorized data access, loss, or misuse resulting from customer-managed settings, weak credentials, or user actions.
  • Data Backups: Daily backups are performed using secure cloud-based solutions to ensure data integrity and availability and to facilitate recovery and continuity.
  • Data Retention: Personal data is retained only as long as necessary to fulfill its intended purpose, unless a longer retention period is required by law.
  • Secure Data Transfers: Data in transit is encrypted using industry-standard encryption methods and secure protocols, such as HTTPS, to ensure safe transmission between our systems and your devices.
  • Data Protection: Additional measures, such as data masking and encryption, are implemented to prevent unauthorized access to sensitive data.
  • Data Integrity: Measures like data validation and error handling are in place to prevent corruption and maintain accuracy.
  • Data Access Logs: Detailed access logs are maintained to track and audit user activities, ensuring transparency and accountability.
  • Data Breach Response: A robust breach response plan is in place to promptly detect, investigate, and mitigate data breaches.


2. Payment Processing Security

We ensure the security of your payment information by:

  • Trusted Payment Partners: We utilize reputable payment processing partners, including Stripe, Authorize.net, PayPal, and MercadoPago, to handle and securely store credit card data. These partners are certified as PCI Level 1 Service Providers and are listed on the VISA Global Registry of Service Providers.
  • Outsourced Cardholder Data Functions: Regystra does not directly process or store credit card information, ensuring that sensitive payment data is managed by our compliant partners.

All payment transactions are processed by third-party providers (e.g., Stripe, PayPal, Authorize.net, MercadoPago). Regystra does not store or process payment data. Any disputes, fraud claims, or unauthorized transactions must be handled directly with the payment provider. Regystra is not liable for payment processing errors, chargebacks, or financial losses arising from third-party payment systems.


3. Hosting Security

We ensure the security of our hosting infrastructure by:

  • Secure Cloud Infrastructure: Our services are hosted on Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP), PCI-compliant providers with industry-standard SOC 1 and SOC 2 certifications. Learn more about AWS Security.
  • Robust Security Measures: We implement multi-factor authentication, role-based access controls (RBAC), and strict change management processes to safeguard our infrastructure.
  • Regular Backups: We perform regular backups to ensure data integrity and availability, leveraging our cloud provider's secure backup solutions.

While Regystra leverages cloud providers such as AWS, Azure, and Google Cloud for hosting, we are not responsible for any outages, security breaches, or data loss resulting from failures in these third-party services. Customers should refer to the respective provider's security policies for details on their security measures and compliance.


4. Security and Compliance

We conduct regular security assessments to evaluate the effectiveness of our security controls and identify potential vulnerabilities:

  • Comprehensive Security Program: We maintain an information security program that includes assessment, education, protection, detection, and response to security incidents, adhering to industry standards and best practices.
  • Regular Vulnerability Scans: Our production environments undergo regular automated scans to promptly identify and address vulnerabilities and missing patches.
  • Firewall Management: We continuously review firewall traffic and update firewall policies to ensure only legitimate traffic is permitted.
  • Audits and Testing: Regystra continuously evaluates and enhances its security measures in line with evolving industry best practices.
  • Prompt Remediation: Findings from these assessments are addressed promptly to continuously enhance our security posture.


5. Incident Response & Security Breach Notification

In the event of a data breach affecting customer information, Regystra will:

  • Investigate & Contain: Immediately assess and mitigate any security threat.
  • Notify Affected Parties: If legally required, we will notify customers within a reasonable timeframe regarding any breach that may impact their data.
  • Cooperate with Authorities: Regystra will comply with applicable data protection laws regarding incident reporting and resolution.
  • Take Corrective Actions: Implement necessary changes to prevent similar incidents in the future.

Customer Responsibility: Customers must notify Regystra immediately if they suspect unauthorized access to their accounts. Regystra is not liable for security breaches caused by compromised user credentials, phishing attacks, or weak passwords.


6. User Responsibilities & Security Best Practices

While Regystra implements security best practices, customers must take necessary precautions to secure their accounts. This includes:

  • Using strong, unique passwords and enabling two-factor authentication (2FA).
  • Restricting access to authorized users only.
  • Regularly updating passwords and revoking access for former employees or third parties.
  • Ensuring that all uploaded content complies with intellectual property laws and does not contain malware or harmful code.

Regystra is not liable for security incidents caused by weak credentials, phishing attacks, customer misconfiguration, or unauthorized access due to user negligence.


7. Compliance with Security Standards & Regulations

Regystra follows industry best practices for cloud security, data protection, and user privacy. While Regystra does not hold SOC 2 or ISO 27001 certifications, we implement security controls inspired by these frameworks where applicable.

Note: Compliance with GDPR, CCPA, and other regulations is a shared responsibility, where Regystra provides security measures while customers remain responsible for their data-handling practices.


8. API & Integration Security

If customers integrate Regystra with external systems via API access, they must:

  • Keep API keys confidential and rotate them regularly.
  • Restrict API usage to authorized systems only.
  • Ensure third-party integrations follow security best practices and comply with data protection laws.

Customers are responsible for securely managing their API credentials and ensuring third-party integrations meet security best practices. Regystra provides API access as-is and is not liable for security breaches, data leaks, or unauthorized access resulting from customer-managed integrations or third-party applications.


9. Termination & Data Deletion

Upon account termination, Regystra retains customer data for a limited period (e.g., 30 days) to facilitate potential reactivation or retrieval requests. Customers are responsible for exporting any required data before closing their accounts. After this period, Regystra will permanently delete or irreversibly anonymize all stored customer data, in compliance with applicable laws, internal policies, and customer requests.


Regystra makes no warranties, express or implied, regarding the security of the platform. Customers acknowledge that security is a shared responsibility and agree that Regystra shall not be liable for any direct, indirect, incidental, consequential, punitive, special, or exemplary damages, including but not limited to cybersecurity threats, unauthorized access, data breaches, misconfigurations, third-party failures, or customer negligence.

For more information on our security practices or to report potential security concerns, please contact our security team at: info[at]regystra.com