Security and Retention Policy
PCI DSS standards require strict adherence to retention policies.
Our Document Vault is intended to allow secure upload, storage and display of sensitive images and documents. To ensure data security and compliance with the PCI standard when it comes to cardholder data, strict retention policies are in place for uploaded documents.
These policies control how long documents can be stored and how soon they are deleted once a document has the Viewed status.
We also require that customers adhere to additional security processes when using the Document Vault:
- Access
Restrict the number of users who have access to sensitive data to an absolute minimum.
- Business case
To use the Document Vault, a clear and well-documented business case is required. The business case needs to be reviewed and approved by the PCI Proxy team.
- Unique user accounts
Each user needs their own dedicated user account. Shared logins are not allowed.
- Multi-factor authentication
User accounts must be secured with MFA.
We have also set up an internal monitoring and alerting tool which detects unusual or non-human activity. Once a certain threshold is reached, we may automatically block your user account.
For more information about our strict retention policy, PCI DSS or data security concerns, contact us.