Security Policies

In the post-GDPR days, writing a statement like “keeping your data secure is our number-one priority” isn’t enough. While it’s hard to prove this statement objectively, we can start with a detailed description of what security measures we have taken to protect Voucherify from malicious activity. And being an engineering-driven company, we set the bar high. 

We work hard to keep your data secure, and our security policy covers several key areas. Check below for more info, or take a look at our security datasheet. You can also contact us if you have any questions.


  • AWS cloud security (Virtual Private Cloud). Read more about the AWS cloud here
  • ISO 27001 certification.
  • Encryption (AWS KMS, TLS, data encryption at rest).
  • Regular PCI scans, security audits, and penetration tests.
  • DDOS protection (syn cookies, connection limiting).
  • Login brute-force protection.
  • An anomaly detection system (Prometheus, Grafana, New Relic, CloudWatch, Pager Duty).
  • Role-based access and policy enforcement (AWS IAM, single-host-to-server VPN model, local machine encryption).
  • Disaster Recovery Program (Kubernetes-based 5-minute platform deployment).
  • GDPR, CCPA compliance.
  • Reliability and backup (RAID class hardware, AWS S3).
  • Two-factor authentication, password policies, SAML.

ISO 27001 Certification

Voucherify is ISO 27001 certified. ISO/IEC 27001 is currently the international standard for information security management systems.This particular certification ensures that Voucherify follows the best practices for an information security management system (ISMS) and puts specific procedures and policies in place to deliver the highest standard of risk management processes and data security.

Infrastructure Security

We’ve partnered with Amazon Web Services (AWS), which provides the hardware and infrastructure to support Voucherify’s promotion management platform. Amazon enforces security through a variety of methods as covered in their Security Whitepaper. In short, the buildings, servers, and infrastructure of their services are the same as their multi-billion dollar retail business. This gives confidence that the foundation of infrastructure is protected. 

This isn’t a reason to let our guard down. With security being ingrained in the Voucherify platform from day one, we continually add measures on each layer of our platform. Together with the AWS Cloud Security policy, the measures we implement allow us to provide our customers with a reliable and secure application.

Please, visit this link to download Voucherify Security Model.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.